| CASA-ND-000010 - The Cisco ASA must be configured to limit the number of concurrent management sessions to an organization-defined number. | ACCESS CONTROL |
| CASA-ND-000090 - The Cisco ASA must be configured to automatically audit account creation - Buffer Enabled | ACCESS CONTROL |
| CASA-ND-000090 - The Cisco ASA must be configured to automatically audit account creation - logging enable | ACCESS CONTROL |
| CASA-ND-000100 - The Cisco ASA must be configured to automatically audit account modification - Buffer Enabled | ACCESS CONTROL |
| CASA-ND-000100 - The Cisco ASA must be configured to automatically audit account modification - logging enabled | ACCESS CONTROL |
| CASA-ND-000110 - The Cisco ASA must be configured to automatically audit account-disabling actions - Buffer Enabled | ACCESS CONTROL |
| CASA-ND-000110 - The Cisco ASA must be configured to automatically audit account-disabling actions - logging enabled | ACCESS CONTROL |
| CASA-ND-000120 - The Cisco ASA must be configured to automatically audit account removal actions - Buffer Enabled | ACCESS CONTROL |
| CASA-ND-000120 - The Cisco ASA must be configured to automatically audit account removal actions - logging enabled | ACCESS CONTROL |
| CASA-ND-000140 - The Cisco ASA must be configured to enforce approved authorizations for controlling the flow of management information within the Cisco ASA based on information flow control policies. | ACCESS CONTROL |
| CASA-ND-000160 - The Cisco ASA must be configured to display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device. | ACCESS CONTROL |
| CASA-ND-000210 - The Cisco ASA must be configured to protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation - buffered informational | AUDIT AND ACCOUNTABILITY |
| CASA-ND-000210 - The Cisco ASA must be configured to protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation - logging enable | AUDIT AND ACCOUNTABILITY |
| CASA-ND-000240 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to access privileges occur - buffered informational | AUDIT AND ACCOUNTABILITY |
| CASA-ND-000240 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to access privileges occur - logging enable | AUDIT AND ACCOUNTABILITY |
| CASA-ND-000260 - The Cisco ASA must be configured to produce audit log records containing sufficient information to establish what type of event occurred - buffered informational | AUDIT AND ACCOUNTABILITY |
| CASA-ND-000260 - The Cisco ASA must be configured to produce audit log records containing sufficient information to establish what type of event occurred - logging enable | AUDIT AND ACCOUNTABILITY |
| CASA-ND-000270 - The Cisco ASA must be configured to produce audit records containing information to establish when (date and time) the events occurred. | AUDIT AND ACCOUNTABILITY |
| CASA-ND-000280 - The Cisco ASA must be configured to produce audit records containing information to establish where the events occurred - buffered informational | AUDIT AND ACCOUNTABILITY |
| CASA-ND-000280 - The Cisco ASA must be configured to produce audit records containing information to establish where the events occurred - logging enable | AUDIT AND ACCOUNTABILITY |
| CASA-ND-000290 - The Cisco ASA must be configured to produce audit log records containing information to establish the source of events - buffered informational | AUDIT AND ACCOUNTABILITY |
| CASA-ND-000290 - The Cisco ASA must be configured to produce audit log records containing information to establish the source of events - logging enable | AUDIT AND ACCOUNTABILITY |
| CASA-ND-000300 - The Cisco ASA must be configured to produce audit records that contain information to establish the outcome of the event - buffered informational | AUDIT AND ACCOUNTABILITY |
| CASA-ND-000300 - The Cisco ASA must be configured to produce audit records that contain information to establish the outcome of the event - logging enable | AUDIT AND ACCOUNTABILITY |
| CASA-ND-000320 - The Cisco ASA must be configured to generate audit records containing the full-text recording of privileged commands - buffered informational | AUDIT AND ACCOUNTABILITY |
| CASA-ND-000320 - The Cisco ASA must be configured to generate audit records containing the full-text recording of privileged commands - logging enable | AUDIT AND ACCOUNTABILITY |
| CASA-ND-000430 - The Cisco ASA must be configured to prohibit the use of all unnecessary and/or non-secure functions, ports, protocols, and/or services - HTTP | CONFIGURATION MANAGEMENT |
| CASA-ND-000430 - The Cisco ASA must be configured to prohibit the use of all unnecessary and/or non-secure functions, ports, protocols, and/or services - Telnet | CONFIGURATION MANAGEMENT |
| CASA-ND-000450 - The Cisco ASA must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable - serial | ACCESS CONTROL |
| CASA-ND-000450 - The Cisco ASA must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable - ssh | ACCESS CONTROL |
| CASA-ND-000450 - The Cisco ASA must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable - username | ACCESS CONTROL |
| CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - fips enabled | IDENTIFICATION AND AUTHENTICATION |
| CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - ssh cipher | IDENTIFICATION AND AUTHENTICATION |
| CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - ssh key-exchange | IDENTIFICATION AND AUTHENTICATION |
| CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - ssh version | IDENTIFICATION AND AUTHENTICATION |
| CASA-ND-000490 - The Cisco ASA must be configured to enforce a minimum 15-character password length. | IDENTIFICATION AND AUTHENTICATION |
| CASA-ND-000520 - The Cisco ASA must be configured to enforce password complexity by requiring that at least one uppercase character be used. | IDENTIFICATION AND AUTHENTICATION |
| CASA-ND-000530 - The Cisco ASA must be configured to enforce password complexity by requiring that at least one lowercase character be used. | IDENTIFICATION AND AUTHENTICATION |
| CASA-ND-000550 - The Cisco ASA must be configured to enforce password complexity by requiring that at least one numeric character be used. | IDENTIFICATION AND AUTHENTICATION |
| CASA-ND-000570 - The Cisco ASA must be configured to enforce password complexity by requiring that at least one special character be used. | IDENTIFICATION AND AUTHENTICATION |
| CASA-ND-000580 - The Cisco ASA must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password. | IDENTIFICATION AND AUTHENTICATION |
| CASA-ND-000690 - The Cisco ASA must be configured to terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after five minutes of inactivity except to fulfill documented and validated mission requirements - console timeout | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-ND-000690 - The Cisco ASA must be configured to terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after five minutes of inactivity except to fulfill documented and validated mission requirements - http server | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-ND-000690 - The Cisco ASA must be configured to terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after five minutes of inactivity except to fulfill documented and validated mission requirements. | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-ND-000910 - The Cisco ASA must be configured to audit the execution of privileged functions - Buffer Enabled | ACCESS CONTROL |
| CASA-ND-000910 - The Cisco ASA must be configured to audit the execution of privileged functions - logging enabled | ACCESS CONTROL |
| CASA-ND-000920 - The Cisco ASA must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements - maximum | AUDIT AND ACCOUNTABILITY |
| CASA-ND-000920 - The Cisco ASA must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements - minimum | AUDIT AND ACCOUNTABILITY |
| CASA-ND-000930 - The Cisco ASA must be configured to generate an immediate real-time alert of all audit failure events requiring real-time alerts - logging host | AUDIT AND ACCOUNTABILITY |
| CASA-ND-000930 - The Cisco ASA must be configured to generate an immediate real-time alert of all audit failure events requiring real-time alerts - logging trap | AUDIT AND ACCOUNTABILITY |
