Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.3.1 Configure AuthorizationCIS Cisco IOS XR 7.x v1.0.1 L2Cisco

ACCESS CONTROL

1.1.6 Set 'aaa accounting' to log all privileged use commands using 'commands 15'CIS Cisco IOS XE 16.x v2.1.0 L2Cisco

AUDIT AND ACCOUNTABILITY

1.1.7 Set 'aaa accounting connection'CIS Cisco IOS XE 17.x v2.2.1 L1Cisco

ACCESS CONTROL

1.2.10 Set 'http Secure-server' limitCIS Cisco IOS XE 16.x v2.1.0 L1Cisco

ACCESS CONTROL

1.3.1 Set the 'banner-text' for 'banner exec'CIS Cisco IOS XE 16.x v2.1.0 L1Cisco

AWARENESS AND TRAINING, PROGRAM MANAGEMENT

1.3.4 Set the 'banner-text' for 'webauth banner'CIS Cisco IOS XE 17.x v2.2.1 L1Cisco

AWARENESS AND TRAINING, PROGRAM MANAGEMENT

1.4.2 Set 'buffer size'CIS Cisco IOS XR 7.x v1.0.1 L1Cisco

AUDIT AND ACCOUNTABILITY

1.4.2.1 Ensure 'TACACS+/RADIUS' is configured correctlyCIS Cisco ASA 9.x Firewall L2 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.4.3 Set 'logging console critical'CIS Cisco IOS XR 7.x v1.0.1 L1Cisco

AUDIT AND ACCOUNTABILITY

1.4.3.1 Ensure 'aaa authentication enable console' is configured correctlyCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.4.5.1 Ensure 'aaa accounting command' is configured correctlyCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

1.4.7 Set 'logging source interface'CIS Cisco IOS XR 7.x v1.0.1 L1Cisco

AUDIT AND ACCOUNTABILITY

1.5.1 Ensure 'ASDM banner' is setCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

1.5.2 Ensure 'EXEC banner' is setCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

1.5.2 Unset 'public' for 'snmp-server community'CIS Cisco IOS XR 7.x v1.0.1 L1Cisco

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.5.3 Do not set 'RW' for any 'snmp-server community'CIS Cisco IOS XR 7.x v1.0.1 L1Cisco

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.5.4 Do not set 'RW' for any 'snmp-server community'CIS Cisco IOS XE 16.x v2.1.0 L1Cisco

CONFIGURATION MANAGEMENT

1.5.5 Set 'snmp-server host' when using SNMPCIS Cisco IOS XR 7.x v1.0.1 L1Cisco

ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY

1.5.5 Set the ACL for each 'snmp-server community'CIS Cisco IOS XE 16.x v2.1.0 L1Cisco

ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY

1.5.7 Set 'priv' for each 'snmp-server group' using SNMPv3CIS Cisco IOS XR 7.x v1.0.1 L2Cisco

IDENTIFICATION AND AUTHENTICATION

1.6.1 Disable Telnet AccessCIS Cisco IOS XR 7.x v1.0.1 L1Cisco

CONFIGURATION MANAGEMENT, MAINTENANCE

1.6.2 Ensure 'SSH version 2' is enabledCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

1.7.2 Post-authentication BannerCIS Cisco IOS XR 7.x v1.0.1 L1Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.8.2 Ensure 'SSH session timeout' is less than or equal to '5' minutesCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

ACCESS CONTROL

1.8.3 Ensure 'HTTP idle timeout' is less than or equal to '5' minutesCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

ACCESS CONTROL

1.9.1.1 Ensure 'NTP authentication' is enabledCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION

1.10.8 Ensure 'logging buffered severity level' is greater than or equal to '3'CIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

AUDIT AND ACCOUNTABILITY

1.10.9 Ensure 'logging trap severity level' is greater than or equal to '5'CIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

AUDIT AND ACCOUNTABILITY

1.11.5 Ensure 'SNMP community string' is not the default stringCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.1.1.1 Set the 'hostname'CIS Cisco IOS XE 16.x v2.1.0 L1Cisco

CONFIGURATION MANAGEMENT

2.1.4 Set 'no service dhcp'CIS Cisco IOS XE 17.x v2.2.1 L1Cisco

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.4.1 AuthenticationCIS Cisco IOS XR 7.x v1.0.1 L2Cisco

IDENTIFICATION AND AUTHENTICATION

2.1.7 Set 'no service pad'CIS Cisco IOS XE 17.x v2.2.1 L1Cisco

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.2.1.4 Set 'key' for each 'ntp server'CIS Cisco IOS XR 7.x v1.0.1 L2Cisco

AUDIT AND ACCOUNTABILITY

2.2.2 Set 'buffer size' for 'logging buffered'CIS Cisco IOS XE 16.x v2.1.0 L1Cisco

AUDIT AND ACCOUNTABILITY

2.2.8 Set 'login success/failure logging'CIS Cisco IOS XE 17.x v2.2.1 L1Cisco

AUDIT AND ACCOUNTABILITY

2.3 Ensure 'DNS Guard' is enabledCIS Cisco ASA 9.x Firewall L2 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.1 AuthenticationCIS Cisco IOS XR 7.x v1.0.1 L2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

2.3.1.3 Set the 'ntp trusted-key'CIS Cisco IOS XE 17.x v2.2.1 L1Cisco

AUDIT AND ACCOUNTABILITY

2.4.1 AuthenticationCIS Cisco IOS XR 7.x v1.0.1 L2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

2.4.3 Set 'ntp source' to Loopback InterfaceCIS Cisco IOS XE 16.x v2.1.0 L2Cisco

AUDIT AND ACCOUNTABILITY

3.1.3 Set 'no interface tunnel'CIS Cisco IOS XE 16.x v2.1.0 L1Cisco

CONFIGURATION MANAGEMENT

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External NetworksCIS Cisco IOS XE 16.x v2.1.0 L2Cisco

SYSTEM AND INFORMATION INTEGRITY

3.3.1.3 Set 'key-string'CIS Cisco IOS XE 16.x v2.1.0 L2Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.3.1.7 Set 'authentication mode md5'CIS Cisco IOS XE 17.x v2.2.1 L1Cisco

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1.8 Set 'ip authentication key-chain eigrp'CIS Cisco IOS XE 17.x v2.2.1 L1Cisco

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1.8 Set 'ip authentication key-chain eigrp'CIS Cisco IOS XE 16.x v2.1.0 L2Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.3.3.1 Set 'neighbor password'CIS Cisco IOS XE 17.x v2.2.1 L1Cisco

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.6 Ensure 'threat-detection statistics' is set to 'tcp-intercept'CIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.8 Ensure 'security-level' is set to '0' for Internet-facing interfaceCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION