CIS Fortigate Level 1 v1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Fortigate Level 1 v1.0.0

Updated: 6/27/2023

Authority: CIS

Plugin: FortiGate

Revision: 1.5

Estimated Item Count: 33

Audit Items

Description | Categories
1.1 Ensure DNS server is configured - dns server 1
1.1 Ensure DNS server is configured - dns server 2
1.2 Ensure intra-zone traffic is not always allowed
2.1.1 Ensure 'Pre-Login Banner' is set - enable
2.1.1 Ensure 'Pre-Login Banner' is set - warning message
2.1.2 Ensure 'Post-Login-Banner' is set - enable
2.1.2 Ensure 'Post-Login-Banner' is set - warning message
2.1.3 Ensure timezone is properly configured
2.1.4 Ensure correct system time is configured through NTP - ntp server 1
2.1.4 Ensure correct system time is configured through NTP - ntp server 2
2.1.5 Ensure hostname is set
2.2.1 Ensure 'Password Policy' is enabled - apply-to
2.2.1 Ensure 'Password Policy' is enabled - expire-day
2.2.1 Ensure 'Password Policy' is enabled - expire-status
2.2.1 Ensure 'Password Policy' is enabled - min-lower-case-letter
2.2.1 Ensure 'Password Policy' is enabled - min-non-alphanumeric
2.2.1 Ensure 'Password Policy' is enabled - min-number
2.2.1 Ensure 'Password Policy' is enabled - min-upper-case-letter
2.2.1 Ensure 'Password Policy' is enabled - minimum-length
2.2.1 Ensure 'Password Policy' is enabled - reuse-password
2.2.1 Ensure 'Password Policy' is enabled - status
2.2.2 Ensure administrator password retries and lockout time are configured - admin-lockout-duration
2.2.2 Ensure administrator password retries and lockout time are configured - admin-lockout-threshold
2.3.1 Ensure SNMP agent is disabled
2.4.1 Ensure default 'admin' password is changed
2.4.2 Ensure all the login accounts having specific trusted hosts enabled
2.4.3 Ensure admin accounts with different privileges having their correct profiles assigned
2.4.4 Ensure idle timeout time is configured
2.4.5 Ensure only encrypted access channels are enabled
2.5.2 Ensure 'Monitor Interfaces' for High Availability Devices is Enabled
2.5.3 Ensure HA Reserved Management Interface is Configured
3.2 Ensure that policies do not use 'ALL' as Service
5.1.1 Enable Compromised Host Quarantine

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY