2.12 Enable Secure Logging - 'syslog cplogs' | AUDIT AND ACCOUNTABILITY |
2.12 Enable Secure Logging - 'syslog log-remote-address' | AUDIT AND ACCOUNTABILITY |
3.10 Take Configuration Snapshots Regularly - 'set snapshot' | CONTINGENCY PLANNING |
3.11 Take Configuration Snapshots Regularly - 'add snapshot' | CONTINGENCY PLANNING |
Banner Messages - 'banner' | ACCESS CONTROL |
Banner Messages - 'motd' | ACCESS CONTROL |
Base Config - 'DHCP Client Disabled' | CONFIGURATION MANAGEMENT |
Base Config - 'Host Name has been configured' | CONFIGURATION MANAGEMENT |
Base Config - 'Review Host Name' | CONFIGURATION MANAGEMENT |
Base Config - 'Time Zone' | CONFIGURATION MANAGEMENT |
CLI Interface - 'set inactivity-timeout <= 10' | ACCESS CONTROL |
Dedicated management port - 'set interface Mgmt state on' | SYSTEM AND COMMUNICATIONS PROTECTION |
dns Service - 'dns server primary is configured' | SYSTEM AND COMMUNICATIONS PROTECTION |
dns Service - 'dns server secondary is configured' | SYSTEM AND COMMUNICATIONS PROTECTION |
Expert Mode - 'set expert-password plain does not exist' | IDENTIFICATION AND AUTHENTICATION |
ftp Service - 'set backup restore ftp does not exist' | SYSTEM AND COMMUNICATIONS PROTECTION |
Management Network - 'add allowed-client host any-host' not set | SYSTEM AND COMMUNICATIONS PROTECTION |
ntp Service - 'ntp server primary is configured' | AUDIT AND ACCOUNTABILITY |
ntp Service - 'ntp server secondary is configured' | AUDIT AND ACCOUNTABILITY |
ntp Service - 'set ntp active = on' | AUDIT AND ACCOUNTABILITY |
Password Controls - 'complexity >= 1' | IDENTIFICATION AND AUTHENTICATION |
Password Controls - 'history-checking = true' | IDENTIFICATION AND AUTHENTICATION |
Password Controls - 'history-length >= 5' | IDENTIFICATION AND AUTHENTICATION |
Password Controls - 'min-password-length >= 8' | IDENTIFICATION AND AUTHENTICATION |
Password Controls - 'palindrome = true' | IDENTIFICATION AND AUTHENTICATION |
Password Controls - 'password-expiration != never' | IDENTIFICATION AND AUTHENTICATION |
SNMP Service - 'no public or private read-write community strings exist' | IDENTIFICATION AND AUTHENTICATION |
SNMP Service - 'set snmp agent = off' | CONFIGURATION MANAGEMENT |
SNMP Service - 'set snmp agent-version = v3' | CONFIGURATION MANAGEMENT |
SNMP Service - 'set snmp community public does not exist' | IDENTIFICATION AND AUTHENTICATION |
SNMP Service - 'SNMP settings should be reviewed' | CONFIGURATION MANAGEMENT |
telnet Service - 'set net-access telnet = off' | CONFIGURATION MANAGEMENT |
tftp Service - 'set backup restore tftp does not exist' | SYSTEM AND COMMUNICATIONS PROTECTION |
User Accounts - 'User Account shell should be /etc/cli.sh' | CONFIGURATION MANAGEMENT |
User Accounts - 'User Accounts should be reviewed' | ACCESS CONTROL |
User Authentication - 'radius-servers' | IDENTIFICATION AND AUTHENTICATION |
User Authentication - 'ssl-certificate cert-file passphrase' | IDENTIFICATION AND AUTHENTICATION |
User Authentication - 'tacacs-servers' | IDENTIFICATION AND AUTHENTICATION |
Web Interface - 'set web session-timeout <= 10' | ACCESS CONTROL |
Web Interface - 'set web ssl-port is configured' | SYSTEM AND COMMUNICATIONS PROTECTION |
Web Interface - 'set web ssl3-enabled is disabled' | SYSTEM AND COMMUNICATIONS PROTECTION |