CIS Cisco Firewall ASA 8 L1 v4.1.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Cisco Firewall ASA 8 L1 v4.1.0

Updated: 1/11/2022

Authority: CIS

Plugin: Cisco

Revision: 1.10

Estimated Item Count: 83

File Details

Filename: CIS_v4.1.0_Cisco_Firewall_ASA_8_Level_1.audit

Size: 123 kB

MD5: f8a41ce769b92739bc8e2cbf1bb8e0e3
SHA256: b630e2f0c4a756ac3fd5c3fdad29619a772e9dbf07d3ae27974555b760366a6c

Audit Items

Description / Categories
1.1.1 Ensure 'Logon Password' is set

IDENTIFICATION AND AUTHENTICATION

1.1.2 Ensure 'Enable Password' is set

IDENTIFICATION AND AUTHENTICATION

1.1.3 Ensure 'Master Key Passphrase' is set
1.1.4 Ensure 'Password Recovery' is disabled
1.2.1 Ensure 'Domain Name' is set
1.2.2 Ensure 'Host Name' is set
1.2.3 Ensure 'Failover' is enabled
1.2.4 Ensure 'Unused Interfaces' is disable
1.3.1 Ensure 'Image Integrity' is correct

SYSTEM AND SERVICES ACQUISITION

1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3'

ACCESS CONTROL

1.4.1.2 Ensure 'local username and password' is set

IDENTIFICATION AND AUTHENTICATION

1.4.1.3 Ensure known default accounts do not exist
1.4.2.1 Ensure 'TACACS+/RADIUS' is configured correctly - protocol

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION

1.4.2.1 Ensure 'TACACS+/RADIUS' is configured correctly - server

IDENTIFICATION AND AUTHENTICATION

1.4.3.1 Ensure 'aaa authentication enable console' is configured correctly

IDENTIFICATION AND AUTHENTICATION

1.4.3.2 Ensure 'aaa authentication http console' is configured correctly

IDENTIFICATION AND AUTHENTICATION

1.4.3.3 Ensure 'aaa authentication secure-http-client' is configured correctly

SYSTEM AND COMMUNICATIONS PROTECTION

1.4.3.4 Ensure 'aaa authentication serial console' is configured correctly

IDENTIFICATION AND AUTHENTICATION

1.4.3.5 Ensure 'aaa authentication ssh console' is configured correctly

IDENTIFICATION AND AUTHENTICATION

1.4.3.6 Ensure 'aaa authentication telnet console' is configured correctly

IDENTIFICATION AND AUTHENTICATION

1.4.4.1 Ensure 'aaa command authorization' is configured correctly

ACCESS CONTROL

1.4.4.2 Ensure 'aaa authorization exec' is configured correctly

ACCESS CONTROL

1.4.5.1 Ensure 'aaa command accounting' is configured correctly
1.5.1 Ensure 'ASDM banner' is set

ACCESS CONTROL

1.5.2 Ensure 'EXEC banner' is set

ACCESS CONTROL

1.5.3 Ensure 'LOGIN banner' is set

ACCESS CONTROL

1.5.4 Ensure 'MOTD banner' is set

ACCESS CONTROL

1.6.1 Ensure 'SSH source restriction' is set to an authorized IP address

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.2 Ensure 'SSH version 2' is enabled

CONFIGURATION MANAGEMENT

1.6.3 Ensure 'RSA key pair' is greater than or equal to 2048 bits

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.4 Ensure 'SCP protocol' is set to Enable for files transfers
1.6.5 Ensure 'Telnet' is disabled

CONFIGURATION MANAGEMENT

1.7.1 Ensure 'HTTP source restriction' is set to an authorized IP address
1.7.2 Ensure 'TLS 1.0' is set for HTTPS access
1.7.3 Ensure 'SSL AES 256 encryption' is set for HTTPS access
1.8.2 Ensure 'SSH session timeout' is less than or equal to '5' minutes

ACCESS CONTROL

1.8.3 Ensure 'HTTP session timeout' is less than or equal to '5' minutes
1.9.1.1 Ensure 'NTP authentication' is enabled

IDENTIFICATION AND AUTHENTICATION

1.9.1.2 Ensure 'NTP authentication key' is configured correctly

IDENTIFICATION AND AUTHENTICATION

1.9.1.3 Ensure 'trusted NTP server' exists

AUDIT AND ACCOUNTABILITY

1.9.2 Ensure 'local timezone' is properly configured

CONFIGURATION MANAGEMENT

1.10.1 Ensure 'logging' is enabled

AUDIT AND ACCOUNTABILITY

1.10.2 Ensure 'logging to Serial console' is disabled

AUDIT AND ACCOUNTABILITY

1.10.3 Ensure 'logging to monitor' is disabled
1.10.4 Ensure 'syslog hosts' is configured correctly

AUDIT AND ACCOUNTABILITY

1.10.5 Ensure 'logging with the device ID' is configured correctly
1.10.6 Ensure 'logging history severity level' is set to greater than or equal to '5'
1.10.7 Ensure 'logging with timestamps' is enabled

AUDIT AND ACCOUNTABILITY

1.10.8 Ensure 'syslog logging facility' is equal to '23'
1.10.9 Ensure 'logging buffer size' is greater than or equal to '524288' bytes (512kb)