CIS Cisco IOS 12 L2 v2.4.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Cisco IOS 12 L2 v2.4.0

Updated: 7/30/2019

Authority: CIS

Plugin: Cisco

Revision: 1.4

Estimated Item Count: 43

File Details

Filename: CIS_v2.4.0_Cisco_IOS_Level_2.audit

Size: 24.8 kB

Audit Items

DescriptionCategories
2.1.1.1 Require AAA Authentication Enable
2.1.1.2 Require AAA Authentication Login
2.1.1.3 Require AAA Accounting Commands
2.1.1.4 Require AAA Accounting Connection
2.1.1.5 Require AAA Accounting Exec
2.1.1.6 Require AAA Accounting Network
2.1.1.7 Require AAA Accounting System
2.2.1.1 Require Binding AAA Service to Loopback Interface
2.2.1.2 Require Binding NTP Service to Loopback Interface (NTP Check)
2.2.1.2 Require Binding NTP Service to Loopback Interface (NTP/SNTP Check)
2.2.1.2 Require Binding NTP Service to Loopback Interface (SNTP Check)
2.2.1.2 Require Bingin NTP Service to Loopback Interface
2.2.1.3 Require Binding TFTP Service to Loopback Interface
2.2.1.4 Require Loopback Interface
2.2.1.5 Forbid Multiple Loopback Interfaces
2.3.1.1 Forbid Private Source Addresses from External Networks (0.0.0.0)
2.3.1.1 Forbid Private Source Addresses from External Networks (10.0.0.0)
2.3.1.1 Forbid Private Source Addresses from External Networks (127.0.0.0)
2.3.1.1 Forbid Private Source Addresses from External Networks (169.254.0.0)
2.3.1.1 Forbid Private Source Addresses from External Networks (172.16.0.0)
2.3.1.1 Forbid Private Source Addresses from External Networks (192.0.2.0)
2.3.1.1 Forbid Private Source Addresses from External Networks (192.168.0.0)
2.3.1.1 Forbid Private Source Addresses from External Networks (224.0.0.0)
2.3.1.1 Forbid Private Source Addresses from External Networks (host 255.255.255.255)
2.3.1.1 Forbid Private Source Addresses from External Networks (Internal Networks)
2.3.1.1 Forbid Private Source Addresses from External Networks (WAN Interface check)
2.3.1.2 Forbid External Source Addresses on Outbound Traffic (Internal Network Permit Check)
2.3.1.2 Forbid External Source Addresses on Outbound Traffic (Outbound Interface check)
2.3.1.3 Require BGP Authentication if Protocol is Used
2.3.1.4 Require EIGRP Authentication if Protocol is Used (ip authentication key-chain eigrp)
2.3.1.4 Require EIGRP Authentication if Protocol is Used (ip authentication mode eigrp)
2.3.1.4 Require EIGRP Authentication if Protocol is Used (key Chain)
2.3.1.4 Require EIGRP Authentication if Protocol is Used (key-string)
2.3.1.5 Require OSPF Authentication if Protocol is Used (Authentication Message-Digest)
2.3.1.5 Require OSPF Authentication if Protocol is Used (Message-Digest-Key)
2.3.1.6 Require RIPv2 Authentication if Protocol is Used (ip rip authentication key-chain)
2.3.1.6 Require RIPv2 Authentication if Protocol is Used (ip rip authentication mode md5)
2.3.1.6 Require RIPv2 Authentication if Protocol is Used (key chain)
2.3.1.6 Require RIPv2 Authentication if Protocol is Used (key-string)
2.3.2.1 Require Unicast Reverse-Path Forwarding (uRPF) (ip cef)
2.3.2.1 Require Unicast Reverse-Path Forwarding (uRPF) (ip verify unicast reverse-path rx)
2.3.2.2 Forbid IP Proxy ARP
2.3.2.3 Forbid Tunnel Interfaces