Detections
Analytics

Revision 1.2

Sep 12, 2023
Miscellaneous
  • Metadata updated.
  • See also link updated.
  • Variables updated.
Added
  • CISC-L2-000020 - The Cisco switch must uniquely identify and authenticate all network-connected endpoint devices before establishing any connection
  • CISC-L2-000110 - The Cisco switch must have Spanning Tree Protocol (STP) Loop Guard enabled
  • CISC-L2-000130 - The Cisco switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources
  • CISC-L2-000170 - The Cisco switch must have IGMP or MLD Snooping configured on all VLANs
Removed
  • CISC-L2-000020 - The Cisco switch must uniquely identify and authenticate all network-connected endpoint devices before establishing any connection - aaa authentication
  • CISC-L2-000020 - The Cisco switch must uniquely identify and authenticate all network-connected endpoint devices before establishing any connection - aaa group
  • CISC-L2-000020 - The Cisco switch must uniquely identify and authenticate all network-connected endpoint devices before establishing any connection - aaa new-model
  • CISC-L2-000020 - The Cisco switch must uniquely identify and authenticate all network-connected endpoint devices before establishing any connection - dot1x system-auth-control
  • CISC-L2-000020 - The Cisco switch must uniquely identify and authenticate all network-connected endpoint devices before establishing any connection - interface dot1x
  • CISC-L2-000020 - The Cisco switch must uniquely identify and authenticate all network-connected endpoint devices before establishing any connection - radius server
  • CISC-L2-000110 - The Cisco switch must have Spanning Tree Protocol (STP) Loop Guard enabled - spanning-tree loopguard
  • CISC-L2-000110 - The Cisco switch must have Spanning Tree Protocol (STP) Loop Guard enabled - spanning-tree mode
  • CISC-L2-000130 - The Cisco switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources - ip dhcp snooping
  • CISC-L2-000130 - The Cisco switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources - ip dhcp snooping vlan
  • CISC-L2-000170 - The Cisco switch must have IGMP or MLD Snooping configured on all VLANs - ip igmp snooping
  • CISC-L2-000170 - The Cisco switch must have IGMP or MLD Snooping configured on all VLANs - ip igmp snooping vlan