Tenable Cisco Firepower Threat Defense Best Practices Audit

Audit Details

Name: Tenable Cisco Firepower Threat Defense Best Practices Audit

Updated: 6/17/2024

Authority: TNS

Plugin: Cisco_Firepower

Revision: 1.7

Estimated Item Count: 49

File Details

Filename: Tenable_Best_Practices_Firepower_Threat_Defense.audit

Size: 88.9 kB

MD5: f613f10ef232ea9fb132276ad7939e21
SHA256: d1cd12847de69199ef03fae3d5b99bffebaf373657a65a7a87cf6c9ab8129d45

Audit Items

DescriptionCategories
Ensure 'aaa local authentication max failed attempts' is set to your organization's poicy

ACCESS CONTROL

Ensure 'console session timeout' is set to organizational policy

ACCESS CONTROL

Ensure 'EIGRP authentication' is enabled

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure 'Failover' is enabled

SYSTEM AND INFORMATION INTEGRITY

Ensure 'Host Name' is set

CONFIGURATION MANAGEMENT

Ensure 'HTTP session timeout' is set to organzational policy

ACCESS CONTROL

Ensure 'HTTP source restriction' is set to an authorized IP address

ACCESS CONTROL

Ensure 'Image Authenticity' is correct

SYSTEM AND INFORMATION INTEGRITY

Ensure 'Image Integrity' is correct

SYSTEM AND INFORMATION INTEGRITY

Ensure 'ip verify' is set to 'reverse-path' for untrusted interfaces

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure 'logging buffer size' is greater than or equal to '524288' bytes (512kb)

AUDIT AND ACCOUNTABILITY

Ensure 'logging buffered severity ' is greater than or equal to '3'

AUDIT AND ACCOUNTABILITY

Ensure 'logging to monitor' is disabled

AUDIT AND ACCOUNTABILITY

Ensure 'logging to monitor' is disabled - show logging

AUDIT AND ACCOUNTABILITY

Ensure 'logging to Serial console' is disabled

AUDIT AND ACCOUNTABILITY

Ensure 'logging trap severity ' is greater than or equal to '5'

AUDIT AND ACCOUNTABILITY

Ensure 'logging trap' is enabled

AUDIT AND ACCOUNTABILITY

Ensure 'logging with timestamps' is enabled

AUDIT AND ACCOUNTABILITY

Ensure 'logging with timestamps' is enabled - show logging

AUDIT AND ACCOUNTABILITY

Ensure 'logging' is enabled

AUDIT AND ACCOUNTABILITY

Ensure 'noproxyarp' is enabled for untrusted interfaces

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure 'OSPF authentication' is enabled

IDENTIFICATION AND AUTHENTICATION

Ensure 'Password Policy' is enabled - minimum-length

IDENTIFICATION AND AUTHENTICATION

Ensure 'RIP authentication' is enabled

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure 'SNMP community string' is not the default string

IDENTIFICATION AND AUTHENTICATION

Ensure 'SNMP traps' is enabled - authentication

AUDIT AND ACCOUNTABILITY

Ensure 'SNMP traps' is enabled - coldstart

AUDIT AND ACCOUNTABILITY

Ensure 'SNMP traps' is enabled - linkdown

AUDIT AND ACCOUNTABILITY

Ensure 'SNMP traps' is enabled - linkup

AUDIT AND ACCOUNTABILITY

Ensure 'snmp-server group' is set to 'v3 priv'

AUDIT AND ACCOUNTABILITY

Ensure 'snmp-server group' is set to 'v3 priv' - show snmp-server

CONFIGURATION MANAGEMENT

Ensure 'SSH source restriction' is set to an authorized IP address

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure 'syslog hosts' is configured correctly

AUDIT AND ACCOUNTABILITY

Ensure 'TACACS+/RADIUS' is configured correctly - protocol

ACCESS CONTROL

Ensure 'threat-detection statistics' is set to 'tcp-intercept'

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure 'TLS 1.0' is set for HTTPS access

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure 'Unused Interfaces' is disable

ACCESS CONTROL

Ensure DHCP services are disabled for untrusted interfaces - dhcpd

CONFIGURATION MANAGEMENT

Ensure DHCP services are disabled for untrusted interfaces - dhcprelay

CONFIGURATION MANAGEMENT

Ensure DNS services are configured correctly - domain-lookup

CONFIGURATION MANAGEMENT

Ensure DNS services are configured correctly - name-server

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure email logging is configured for critical to emergency

AUDIT AND ACCOUNTABILITY

Ensure email logging is enabled

AUDIT AND ACCOUNTABILITY

Ensure ICMP is restricted for untrusted interfaces

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure intrusion prevention is enabled for untrusted interfaces

SYSTEM AND INFORMATION INTEGRITY

Ensure known default accounts do not exist - cmd_exec

ACCESS CONTROL

Ensure non-default application inspection is configured correctly

SYSTEM AND INFORMATION INTEGRITY

Ensure packet fragments are restricted for untrusted interfaces

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure timezone is properly configured

CONFIGURATION MANAGEMENT