800-53|SC-7(15)

Title

ROUTE PRIVILEGED NETWORK ACCESSES

Description

The information system routes all networked, privileged accesses through a dedicated, managed interface for purposes of access control and auditing.

Reference Item Details

Related: AC-2, AC-3, AU-2, SI-4

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: BOUNDARY PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Audit Items


Name | Plugin | Audit Name
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMP | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSH | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPS | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL deny is configured' | Cisco | CIS Cisco IOS 12 L1 v4.0.0
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL permit tcp is configured' | Cisco | CIS Cisco IOS 12 L1 v4.0.0
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP deny secured by ACL' | Cisco | CIS Cisco IOS 12 L1 v4.0.0
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP permit secured by ACL' | Cisco | CIS Cisco IOS 12 L1 v4.0.0
2.3 Ensure that User-ID is only enabled for internal trusted interfaces | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
2.3 Ensure that User-ID is only enabled for internal trusted interfaces | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
3.1 Enable the Firewall Stealth Rule | CheckPoint | CIS Check Point Firewall L2 v1.1.0
3.1.1 Ensure Caller ID is set | Juniper | CIS Juniper OS Benchmark v2.1.0 L1
3.1.2 Ensure access profile is set to use CHAP | Juniper | CIS Juniper OS Benchmark v2.1.0 L1
3.2 Ensure SharePoint implements an information system isolation boundary that minimizes the number of non-security functions included within the boundary containing security functions. | Windows | CIS Microsoft SharePoint 2019 OS v1.0.0
3.3 Ensure SharePoint implements security functions as a layered structure minimizing interactions between layers of the design and avoiding any dependence by lower layers on the functionality or correctness of higher layers. | Windows | CIS Microsoft SharePoint 2019 OS v1.0.0
5.1 Ensure Common SNMP Community Strings are NOT used | Juniper | CIS Juniper OS Benchmark v2.1.0 L1
5.3 Ensure a client list is set for SNMPv1/v2 communities | Juniper | CIS Juniper OS Benchmark v2.1.0 L1
5.8 Ensure interface restrictions are set for SNMP | Juniper | CIS Juniper OS Benchmark v2.1.0 L1
5.9 Ensure SNMP is set to OOB management only | Juniper | CIS Juniper OS Benchmark v2.1.0 L2
6.10.2.6 Ensure Web-Management Interface Restriction is Set | Juniper | CIS Juniper OS Benchmark v2.1.0 L1
6.10.2.7 Ensure Web-Management Interface Restriction is set to OOB Management | Juniper | CIS Juniper OS Benchmark v2.1.0 L2
6.11 Ensure a route table for the public subnets is created | amazon_aws | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
6.12 Ensure a route table for the private subnets is created | amazon_aws | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
6.13 Ensure Routing Table associated with Web tier ELB subnet have the default route (0.0.0.0/0) defined to allow connectivity | amazon_aws | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
6.14 Ensure Routing Table associated with Web tier subnet have the default route (0.0.0.0/0) defined to allow connectivity | amazon_aws | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
6.15 Ensure Routing Table associated with App tier subnet have the default route (0.0.0.0/0) defined to allow connectivity | amazon_aws | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
6.16 Ensure Routing Table associated with Data tier subnet have NO default route (0.0.0.0/0) defined to allow connectivity | amazon_aws | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
Authorized IP managers | ArubaOS | ArubaOS Switch 16.x Hardening Guide v1.0.0
FireEye - User connections are limited by subnet or VLAN | FireEye | TNS FireEye
Network Security - Use the Out-of-Band (OOB) interface for all management related traffic | Juniper | Juniper Hardening JunOS 12 Devices Checklist
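The Cisco IOS 12 items 1.2.4 and 1.5.6 above are the concrete shape SC-7(15) takes on a router: every privileged access path (interactive login on the vty lines, SNMP polling) must be bound to an ACL that permits only the management network and ends in an explicit deny, so that privileged access is only reachable through the managed interface. The following is an added example written for this page; it is not code from Tenable, CIS or Cisco. It parses a running-config excerpt and reports each vty block or SNMP community that is not confined to the management network. The configuration text, ACL numbers, community names and the 10.10.0.0/24 management network are all constructed assumptions.

```python
"""Added example (not from the page or any vendor): check a Cisco IOS
running-config for the SC-7(15) pattern behind CIS Cisco IOS 12 items
1.2.4 (vty access-class) and 1.5.6 (SNMP community ACL). Config, ACL
numbers, community names and the management network are constructed."""

import ipaddress
import re

# Constructed running-config excerpt. vty 0-4 and the RO community are
# restricted correctly; vty 5-15 and the RW community are open to any source.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
access-list 10 permit 10.10.0.5
access-list 10 deny any log
access-list 101 permit tcp 10.10.0.0 0.0.0.255 any
access-list 101 deny ip any any log
!
snmp-server community mon-ro RO 10
snmp-server community mon-rw RW
!
line vty 0 4
 access-class 101 in
 transport input ssh
line vty 5 15
 transport input ssh
!
end
"""

PROTOCOLS = {"ip", "tcp", "udp", "icmp"}
DOTTED = re.compile(r"\d+\.\d+\.\d+\.\d+$")


def parse_acls(config):
    """Map ACL number -> list of (action, fields) from numbered access-list lines."""
    acls = {}
    for line in config.splitlines():
        m = re.match(r"\s*access-list\s+(\S+)\s+(permit|deny)\s+(.*)$", line)
        if m:
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3).split()))
    return acls


def parse_vty(config):
    """Map each 'line vty A B' block -> ACL applied with 'access-class X in', or None."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = line.strip()
            blocks[current] = None
        elif line.startswith("line ") or line.strip() in ("!", "end"):
            current = None  # left the vty block
        elif current is not None:
            m = re.match(r"\s*access-class\s+(\S+)\s+in\b", line)
            if m:
                blocks[current] = m.group(1)
    return blocks


def parse_snmp(config):
    """Map community string -> ACL number restricting it, or None if unrestricted."""
    comms = {}
    for line in config.splitlines():
        m = re.match(r"\s*snmp-server community\s+(\S+)\s+(?:RO|RW)(?:\s+(\S+))?", line)
        if m:
            comms[m.group(1)] = m.group(2)
    return comms


def source_network(fields):
    """Source of one ACL entry as an IPv4Network; None for 'any' or unparsable."""
    f = fields[1:] if fields and fields[0] in PROTOCOLS else list(fields)  # extended ACLs lead with a protocol
    if not f or f[0] == "any":
        return None
    if f[0] == "host":
        return ipaddress.ip_network(f[1])
    if len(f) > 1 and DOTTED.match(f[1]):
        # IOS wildcard mask -> netmask (0.0.0.255 becomes 255.255.255.0)
        netmask = ".".join(str(255 - int(o)) for o in f[1].split("."))
        return ipaddress.ip_network(f"{f[0]}/{netmask}", strict=False)
    return ipaddress.ip_network(f[0])  # standard ACL single host


def acl_restricts_to(entries, mgmt_net):
    """True if every permit lies inside mgmt_net and an explicit deny is present."""
    permits = [f for action, f in entries if action == "permit"]
    denies = [f for action, f in entries if action == "deny"]
    if not permits or not denies:
        return False
    for fields in permits:
        src = source_network(fields)
        if src is None or not src.subnet_of(mgmt_net):
            return False
    return True


def audit_privileged_access(config, mgmt_net="10.10.0.0/24"):
    """Return one finding per privileged access path not confined to mgmt_net."""
    net = ipaddress.ip_network(mgmt_net)
    acls = parse_acls(config)
    findings = []
    for block, acl in parse_vty(config).items():
        if acl is None:
            findings.append(f"{block}: no access-class, login reachable from any source")
        elif not acl_restricts_to(acls.get(acl, []), net):
            findings.append(f"{block}: access-class {acl} does not confine logins to {net}")
    for community, acl in parse_snmp(config).items():
        label = f"snmp community {community[:2]}***"  # never echo the full string into a report
        if acl is None:
            findings.append(f"{label}: no ACL, reachable from any source")
        elif not acl_restricts_to(acls.get(acl, []), net):
            findings.append(f"{label}: ACL {acl} does not confine polling to {net}")
    return findings


if __name__ == "__main__":
    for finding in audit_privileged_access(SAMPLE_CONFIG):
        print("FAIL", finding)
```

Run against the constructed config this reports two failures, the unrestricted `line vty 5 15` block and the RW community with no ACL; adding `access-class 101 in` to the second vty block and `10` to the RW community line clears both. The check deliberately requires both a scoped permit and an explicit deny, matching the two halves of each CIS item, and a standard or extended ACL that permits `any` fails even when a deny follows it.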