800-53|AC-18(3)

Title

DISABLE WIRELESS NETWORKING

Description

The organization disables, when not intended for use, wireless networking capabilities internally embedded within information system components prior to issuance and deployment.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AC-19

Category: ACCESS CONTROL

Parent Title: WIRELESS ACCESS

Family: ACCESS CONTROL

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.2 Ensure intra-zone traffic is not always allowed	FortiGate	CIS Fortigate 7.0.x v1.3.0 L1
1.2.1 Ensure 'Domain Name' is set	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.2 Ensure 'Host Name' is set	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPS	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMP	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSH	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.3 Ensure 'Failover' is enabled	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.2.3 Ensure HTTP and Telnet options are disabled for the management interface	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.4 Ensure 'Unused Interfaces' is disable	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - HTTP	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - Telnet	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Authentication Profile	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L2
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificate Profiles	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L2
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificates	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L2
1.3 Disable all management related services on WAN port	FortiGate	CIS Fortigate 7.0.x v1.3.0 L1
1.3.1 Pre-authentication Banner	Cisco	CIS Cisco NX-OS L1 v1.1.0
1.3.2 Ensure 'Image Authenticity' is correct	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.3.2 Post-authentication Banner	Cisco	CIS Cisco NX-OS L1 v1.1.0
1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configured - Failed Attempts	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configured - Lockout Time	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.4.2.1 Ensure 'TACACS+/RADIUS' is configured correctly	Cisco	CIS Cisco ASA 9.x Firewall L2 v1.1.0
1.4.3.1 Ensure 'aaa authentication enable console' is configured correctly	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.4.3.2 Ensure 'aaa authentication http console' is configured correctly	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.4.3.3 Ensure 'aaa authentication secure-http-client' is configured correctly	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.4.3.4 Ensure 'aaa authentication ssh console' is configured correctly	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.4.4.1 Ensure 'aaa command authorization' is configured correctly	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.4.4.2 Ensure 'aaa authorization exec' is configured correctly	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.4.5.1 Ensure 'aaa accounting command' is configured correctly	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.4.5.2 Ensure 'aaa accounting for SSH' is configured correctly	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.4.5.3 Ensure 'aaa accounting for EXEC mode' is configured correctly	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.7.1 Pre-authentication Banner	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.7.2 Post-authentication Banner	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.8.2 Disable iPXE (Pre-boot eXecution Environment)	Cisco	CIS Cisco NX-OS L2 v1.1.0
10.1 Ensure the LimitRequestLine directive is Set to 512 or less	Unix	CIS Apache HTTP Server 2.4 L2 v2.1.0
10.1 Ensure the LimitRequestLine directive is Set to 512 or less	Unix	CIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware
10.2 Ensure the LimitRequestFields Directive is Set to 100 or Less	Unix	CIS Apache HTTP Server 2.4 L2 v2.1.0
10.2 Ensure the LimitRequestFields Directive is Set to 100 or Less	Unix	CIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware
10.3 Ensure the LimitRequestFieldsize Directive is Set to 1024 or Less	Unix	CIS Apache HTTP Server 2.4 L2 v2.1.0
10.3 Ensure the LimitRequestFieldsize Directive is Set to 1024 or Less	Unix	CIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware
10.4 Ensure the LimitRequestBody Directive is Set to 102400 or Less	Unix	CIS Apache HTTP Server 2.4 L2 v2.1.0
10.4 Ensure the LimitRequestBody Directive is Set to 102400 or Less	Unix	CIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware
18.5.10 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'	Windows	CIS Windows Server 2012 R2 DC L2 v3.0.0
18.5.10 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'	Windows	CIS Microsoft Windows Server 2022 v3.0.0 L2 Domain Controller
18.5.10 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'	Windows	CIS Windows Server 2012 MS L2 v3.0.0
18.5.10 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'	Windows	CIS Microsoft Windows Server 2016 v3.0.0 L2 DC
18.5.10 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'	Windows	CIS Microsoft Windows Server 2016 v3.0.0 L2 MS
18.5.10 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'	Windows	CIS Microsoft Windows Server 2019 v3.0.1 L2 MS
18.5.10 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'	Windows	CIS Windows Server 2012 R2 MS L2 v3.0.0
18.5.10 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'	Windows	CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L2 MS

Detections

Analytics

800-53|AC-18(3)

Title

Description

Reference Item Details

Audit Items