800-53|AC-18(1)

Title

AUTHENTICATION AND ENCRYPTION

Description

The information system protects wireless access to the system using authentication of [Selection (one or more): users; devices] and encryption.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: SC-13,SC-8

Category: ACCESS CONTROL

Parent Title: WIRELESS ACCESS

Family: ACCESS CONTROL

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.2 Ensure intra-zone traffic is not always allowed	FortiGate	CIS Fortigate 7.0.x v1.3.0 L1
1.2.1 Ensure 'Domain Name' is set	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.2.3 Ensure HTTP and Telnet options are disabled for the management interface	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - HTTP	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - Telnet	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.3.2 Ensure 'Image Authenticity' is correct	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configured - Failed Attempts	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configured - Lockout Time	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.4.3.3 Ensure 'aaa authentication secure-http-client' is configured correctly	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.4.4.1 Ensure 'aaa command authorization' is configured correctly	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.4.4.2 Ensure 'aaa authorization exec' is configured correctly	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.4.5.2 Ensure 'aaa accounting for SSH' is configured correctly	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
2.1.1.1 Authentication	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L2
2.2 Ensure that WMI probing is disabled	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L2
3.1.2 Set 'no ip proxy-arp'	Cisco	CIS Cisco IOS 12 L2 v4.0.0
3.1.4.3 Use Unicast Routing Protocols Only	Cisco	CIS Cisco NX-OS L2 v1.1.0
3.2 Ensure access to Configuration utility by clients using TLS version 1.2 or later	F5	CIS F5 Networks v1.0.0 L1
3.2.4 Disable IP Directed Broadcasts on all Layer 3 Interfaces	Cisco	CIS Cisco NX-OS L1 v1.1.0
3.3 Ensure access to Configuration utility is restricted to needed IP addresses only	F5	CIS F5 Networks v1.0.0 L1
3.3.1.2 Set 'key'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L2
3.3.1.2 Set 'key'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L2
3.3.1.3 Set 'key-string'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L2
3.3.1.3 Set 'key-string'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L2
3.3.1.4 Set 'address-family ipv4 autonomous-system'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L2
3.3.1.4 Set 'address-family ipv4 autonomous-system'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L2
3.3.1.5 Set 'af-interface default'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L2
3.3.1.5 Set 'af-interface default'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L2
3.3.1.6 Set 'authentication key-chain'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L2
3.3.1.6 Set 'authentication key-chain'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L2
3.3.1.7 Set 'authentication mode md5'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L1
3.3.1.7 Set 'authentication mode md5'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L1
3.3.1.8 Set 'ip authentication key-chain eigrp'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L2
3.3.1.8 Set 'ip authentication key-chain eigrp'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L2
3.3.1.9 Set 'ip authentication mode eigrp'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L2
3.3.1.9 Set 'ip authentication mode eigrp'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L2
4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
4.3.3.1 Ensure autoconf6 is not in use	Unix	CIS IBM AIX 7 v1.0.0 L1
4.3.3.3 Ensure ndpd-router is not in use	Unix	CIS IBM AIX 7 v1.0.0 L1
4.7 Ensure to set Strong SSH KEY Exchange algorithm	F5	CIS F5 Networks v1.0.0 L1
4.8 Ensure access SSH to CLI interface is restricted to needed IP addresses only	F5	CIS F5 Networks v1.0.0 L1
9.2 Ensure KeepAlive Is Enabled	Unix	CIS Apache HTTP Server 2.4 L1 v2.1.0
9.2 Ensure KeepAlive Is Enabled	Unix	CIS Apache HTTP Server 2.4 L1 v2.1.0 Middleware
9.3 Ensure MaxKeepAliveRequests is Set to a Value of 100 or Greater	Unix	CIS Apache HTTP Server 2.4 L1 v2.1.0
9.3 Ensure MaxKeepAliveRequests is Set to a Value of 100 or Greater	Unix	CIS Apache HTTP Server 2.4 L1 v2.1.0 Middleware
9.4 Ensure KeepAliveTimeout is Set to a Value of 15 or Less	Unix	CIS Apache HTTP Server 2.4 L1 v2.1.0 Middleware
9.4 Ensure KeepAliveTimeout is Set to a Value of 15 or Less	Unix	CIS Apache HTTP Server 2.4 L1 v2.1.0
10.1 Ensure the LimitRequestLine directive is Set to 512 or less	Unix	CIS Apache HTTP Server 2.4 L2 v2.1.0
10.1 Ensure the LimitRequestLine directive is Set to 512 or less	Unix	CIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware
10.3 Ensure the LimitRequestFieldsize Directive is Set to 1024 or Less	Unix	CIS Apache HTTP Server 2.4 L2 v2.1.0
10.3 Ensure the LimitRequestFieldsize Directive is Set to 1024 or Less	Unix	CIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware

Detections

Analytics

800-53|AC-18(1)

Title

Description

Reference Item Details

Audit Items