Item Search

NameAudit NamePluginCategory
1.9.2 Ensure 'local timezone' is properly configuredCIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT

CASA-FW-000010 - The Cisco ASA must be configured to filter outbound traffic, allowing only authorized ports and services - ingress ACLDISA STIG Cisco ASA FW v2r1Cisco

ACCESS CONTROL

CASA-FW-000090 - The Cisco ASA must be configured to queue log records locally in the event that the central audit server is down or not reachable - QueueDISA STIG Cisco ASA FW v2r1Cisco

AUDIT AND ACCOUNTABILITY

CASA-FW-000170 - The Cisco ASA perimeter firewall must be configured to filter traffic destined to the enclave in accordance with the specific traffic that is approved and registered in the Ports, Protocols, and Services Management (PPSM) Category Assurance List (CAL) and vulnerability assessments - ACLDISA STIG Cisco ASA FW v2r1Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CASA-FW-000200 - The Cisco ASA must be configured to send log data of denied traffic to a central audit server for analysis - Logging HostDISA STIG Cisco ASA FW v2r1Cisco

CONFIGURATION MANAGEMENT

CASA-FW-000240 - The Cisco ASA must be configured to filter outbound traffic on all internal interfaces - ACLDISA STIG Cisco ASA FW v2r1Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CASA-FW-000240 - The Cisco ASA must be configured to filter outbound traffic on all internal interfaces - InterfaceDISA STIG Cisco ASA FW v2r1Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - authenticationDISA STIG Cisco ASA FW v2r1Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - encryptionDISA STIG Cisco ASA FW v2r1Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - hash shaDISA STIG Cisco ASA FW v2r1Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - lifetimeDISA STIG Cisco ASA FW v2r1Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - match addressDISA STIG Cisco ASA FW v2r1Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - outside interfaceDISA STIG Cisco ASA FW v2r1Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - set lifetimeDISA STIG Cisco ASA FW v2r1Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CASA-FW-000280 - The Cisco ASA must be configured to inspect all inbound and outbound IPv6 traffic for unknown or out-of-order extension headers.DISA STIG Cisco ASA FW v2r1Cisco

CONFIGURATION MANAGEMENT

CASA-FW-000290 - The Cisco ASA must be configured to restrict it from accepting outbound packets that contain an illegitimate address in the source address field via an egress filter or by enabling Unicast Reverse Path Forwarding (uRPF) - ACLDISA STIG Cisco ASA FW v2r1Cisco

CONFIGURATION MANAGEMENT

CASA-FW-000290 - The Cisco ASA must be configured to restrict it from accepting outbound packets that contain an illegitimate address in the source address field via an egress filter or by enabling Unicast Reverse Path Forwarding (uRPF) - network-objectDISA STIG Cisco ASA FW v2r1Cisco

CONFIGURATION MANAGEMENT

CASA-FW-000290 - The Cisco ASA must be configured to restrict it from accepting outbound packets that contain an illegitimate address in the source address field via an egress filter or by enabling Unicast Reverse Path Forwarding (uRPF) - URFDISA STIG Cisco ASA FW v2r1Cisco

CONFIGURATION MANAGEMENT

CASA-ND-000010 - The Cisco ASA must be configured to limit the number of concurrent management sessions to an organization-defined number.DISA STIG Cisco ASA NDM v2r2Cisco

ACCESS CONTROL

CASA-ND-000120 - The Cisco ASA must be configured to automatically audit account removal actions.DISA STIG Cisco ASA NDM v2r2Cisco

ACCESS CONTROL

CASA-ND-000270 - The Cisco ASA must be configured to produce audit records containing information to establish when (date and time) the events occurred.DISA STIG Cisco ASA NDM v2r2Cisco

AUDIT AND ACCOUNTABILITY

CASA-ND-000450 - The Cisco ASA must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.DISA STIG Cisco ASA NDM v2r2Cisco

ACCESS CONTROL

CASA-ND-000580 - The Cisco ASA must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.DISA STIG Cisco ASA NDM v2r2Cisco

IDENTIFICATION AND AUTHENTICATION

CASA-ND-000690 - The Cisco ASA must be configured to terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after five minutes of inactivity except to fulfill documented and validated mission requirements.DISA STIG Cisco ASA NDM v2r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CASA-ND-001070 - The Cisco ASA must be configured to encrypt Simple Network Management Protocol (SNMP) messages using a FIPS 140-2 approved algorithm.DISA STIG Cisco ASA NDM v2r2Cisco

IDENTIFICATION AND AUTHENTICATION

CASA-ND-001080 - The Cisco ASA must be configured to authenticate Network Time Protocol sources using authentication that is cryptographically based.DISA STIG Cisco ASA NDM v2r2Cisco

IDENTIFICATION AND AUTHENTICATION

CASA-ND-001140 - The Cisco ASA must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of non-local maintenance and diagnostic communications.DISA STIG Cisco ASA NDM v2r2Cisco

MAINTENANCE

CASA-ND-001150 - The Cisco ASA must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions.DISA STIG Cisco ASA NDM v2r2Cisco

MAINTENANCE

CASA-ND-001370 - The Cisco ASA must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider.DISA STIG Cisco ASA NDM v2r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CASA-ND-001410 - The Cisco ASA must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to organization-defined personnel and/or the firewall administrator.DISA STIG Cisco ASA NDM v2r2Cisco

AUDIT AND ACCOUNTABILITY

CASA-VN-000090 - The Cisco ASA must be configured to generate an alert that can be forwarded as an alert to organization-defined personnel and/or firewall administrator of all log failure events.DISA STIG Cisco ASA VPN v2r2Cisco

AUDIT AND ACCOUNTABILITY

CASA-VN-000160 - The Cisco ASA must be configured to use Internet Key Exchange v2 (IKEv2) for all IPsec security associations.DISA STIG Cisco ASA VPN v2r2Cisco

CONFIGURATION MANAGEMENT

CASA-VN-000200 - The Cisco ASA must be configured to use a FIPS-validated cryptographic module to implement IPsec encryption services.DISA STIG Cisco ASA VPN v2r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network.DISA STIG Cisco ASA VPN v2r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CASA-VN-000440 - The Cisco ASA remote access VPN server must be configured to enforce certificate-based authentication before granting access to the network.DISA STIG Cisco ASA VPN v2r2Cisco

IDENTIFICATION AND AUTHENTICATION

CASA-VN-000510 - The Cisco ASA remote access VPN server must be configured to generate log records containing information to establish where the events occurred.DISA STIG Cisco ASA VPN v2r2Cisco

AUDIT AND ACCOUNTABILITY

CASA-VN-000610 - The Cisco ASA remote access VPN server must be configured to generate unique session identifiers using a FIPS-validated Random Number Generator (RNG) based on the Deterministic Random Bit Generators (DRBG) algorithm.DISA STIG Cisco ASA VPN v2r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CASA-VN-000630 - The Cisco ASA remote access VPN server must be configured to use SHA-2 at 384 bits or greater for hashing to protect the integrity of IPsec remote access sessions.DISA STIG Cisco ASA VPN v2r2Cisco

ACCESS CONTROL

CASA-VN-000660 - The Cisco VPN remote access server must be configured to accept Common Access Card (CAC) credential credentials.DISA STIG Cisco ASA VPN v2r2Cisco

IDENTIFICATION AND AUTHENTICATION

CASA-VN-000700 - The Cisco ASA VPN remote access server must be configured to disable split-tunneling for remote clients.DISA STIG Cisco ASA VPN v2r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CASA-VN-000730 - The Cisco ASA VPN remote access server must be configured to validate certificates used for Transport Layer Security (TLS) functions by performing RFC 5280-compliant certification path validation.DISA STIG Cisco ASA VPN v2r2Cisco

IDENTIFICATION AND AUTHENTICATION

CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network.DISA STIG Cisco ASA VPN v2r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

ESXI5-VMNET-000004 - Virtual switch VLANs must be fully documented and have only the required VLANs.DISA STIG VMWare ESXi Server 5 STIG v2r1VMware

CONFIGURATION MANAGEMENT

Prevent enabling lock screen cameraMSCT Windows Server v20H2 DC v1.0.0Windows

CONFIGURATION MANAGEMENT

Prevent enabling lock screen cameraMSCT Windows 10 v22H2 v1.0.0Windows

CONFIGURATION MANAGEMENT

Prevent enabling lock screen cameraMSCT Windows Server v2004 MS v1.0.0Windows

CONFIGURATION MANAGEMENT

Prevent enabling lock screen cameraMSCT Windows Server 2016 DC v1.0.0Windows

CONFIGURATION MANAGEMENT

Prevent enabling lock screen cameraMSCT Windows 11 v22H2 v1.0.0Windows

CONFIGURATION MANAGEMENT

Prevent enabling lock screen cameraMSCT Windows Server 2025 DC v2506 v1.0.0Windows

CONFIGURATION MANAGEMENT

vNetwork : reject-forged-transmit-dvportgroupVMWare vSphere 6.0 Hardening GuideVMware