CIS Cisco Firewall ASA 9 L1 v4.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Cisco Firewall ASA 9 L1 v4.0.0

Updated: 2/23/2018

Authority: CIS

Plugin: Cisco

Revision: 1.4

Estimated Item Count: 94

Audit Items

Description | Categories
1.1.1 Ensure 'Logon Password' is set

IDENTIFICATION AND AUTHENTICATION

1.1.2 Ensure 'Enable Password' is set

IDENTIFICATION AND AUTHENTICATION

1.1.3 Ensure 'Master Key Passphrase' is set
1.1.4 Ensure 'Password Recovery' is disabled
1.1.5 Ensure 'Password Policy' is enabled - lifetime
1.1.5 Ensure 'Password Policy' is enabled - minimum-changes
1.1.5 Ensure 'Password Policy' is enabled - minimum-length
1.1.5 Ensure 'Password Policy' is enabled - minimum-lowercase
1.1.5 Ensure 'Password Policy' is enabled - minimum-numeric
1.1.5 Ensure 'Password Policy' is enabled - minimum-special
1.1.5 Ensure 'Password Policy' is enabled - minimum-uppercase
1.2.1 Ensure 'Domain Name' is set
1.2.2 Ensure 'Host Name' is set
1.2.3 Ensure 'Failover' is enabled
1.2.4 Ensure 'Unused Interfaces' is disable
1.3.1 Ensure 'Image Integrity' is correct
1.3.2 Ensure 'Image Authenticity' is correct
1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3'

ACCESS CONTROL

1.4.1.2 Ensure 'local username and password' is set

IDENTIFICATION AND AUTHENTICATION

1.4.1.3 Ensure known default accounts do not exist
1.4.2.1 Ensure 'TACACS+/RADIUS' is configured correctly - protocol

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION

1.4.2.1 Ensure 'TACACS+/RADIUS' is configured correctly - server

IDENTIFICATION AND AUTHENTICATION

1.4.3.1 Ensure 'aaa authentication enable console' is configured correctly

IDENTIFICATION AND AUTHENTICATION

1.4.3.2 Ensure 'aaa authentication http console' is configured correctly

IDENTIFICATION AND AUTHENTICATION

1.4.3.3 Ensure 'aaa authentication secure-http-client' is configured correctly

SYSTEM AND COMMUNICATIONS PROTECTION

1.4.3.4 Ensure 'aaa authentication serial console' is configured correctly

IDENTIFICATION AND AUTHENTICATION

1.4.3.5 Ensure 'aaa authentication ssh console' is configured correctly

IDENTIFICATION AND AUTHENTICATION

1.4.3.6 Ensure 'aaa authentication telnet console' is configured correctly

IDENTIFICATION AND AUTHENTICATION

1.4.4.1 Ensure 'aaa command authorization' is configured correctly

ACCESS CONTROL

1.4.4.2 Ensure 'aaa authorization exec' is configured correctly

ACCESS CONTROL

1.4.5.1 Ensure 'aaa command accounting' is configured correctly
1.4.5.2 Ensure 'aaa accounting for SSH' is configured correctly

AUDIT AND ACCOUNTABILITY

1.4.5.3 Ensure 'aaa accounting for Serial console' is configured correctly

AUDIT AND ACCOUNTABILITY

1.4.5.4 Ensure 'aaa accounting for EXEC mode' is configured correctly

AUDIT AND ACCOUNTABILITY

1.5.1 Ensure 'ASDM banner' is set

ACCESS CONTROL

1.5.2 Ensure 'EXEC banner' is set

ACCESS CONTROL

1.5.3 Ensure 'LOGIN banner' is set

ACCESS CONTROL

1.5.4 Ensure 'MOTD banner' is set

ACCESS CONTROL

1.6.1 Ensure 'SSH source restriction' is set to an authorized IP address

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.2 Ensure 'SSH version 2' is enabled

CONFIGURATION MANAGEMENT

1.6.3 Ensure 'RSA key pair' is greater than or equal to 2048 bits
1.6.4 Ensure 'SCP protocol' is set to Enable for files transfers
1.6.5 Ensure 'Telnet' is disabled

CONFIGURATION MANAGEMENT

1.7.1 Ensure 'HTTP source restriction' is set to an authorized IP address
1.7.2 Ensure 'TLS 1.0' is set for HTTPS access
1.7.3 Ensure 'SSL AES 256 encryption' is set for HTTPS access
1.8.1 Ensure 'console session timeout' is less than or equal to '5' minutes

ACCESS CONTROL

1.8.2 Ensure 'SSH session timeout' is less than or equal to '5' minutes

ACCESS CONTROL

1.8.3 Ensure 'HTTP session timeout' is less than or equal to '5' minutes
1.9.1.1 Ensure 'NTP authentication' is enabled

IDENTIFICATION AND AUTHENTICATION