Detections
Analytics

800-53|SC-7(15)

Title

ROUTE PRIVILEGED NETWORK ACCESSES

Description

The information system routes all networked, privileged accesses through a dedicated, managed interface for purposes of access control and auditing.

Reference Item Details

Related: AC-2,AC-3,AU-2,SI-4

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: BOUNDARY PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device managementPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMPPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSHPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPSPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL deny is configured'CiscoCIS Cisco IOS 12 L1 v4.0.0
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL permit tcp is configured'CiscoCIS Cisco IOS 12 L1 v4.0.0
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP deny secured by ACL'CiscoCIS Cisco IOS 12 L1 v4.0.0
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP permit secured by ACL'CiscoCIS Cisco IOS 12 L1 v4.0.0
2.3 Ensure that User-ID is only enabled for internal trusted interfacesPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
2.3 Ensure that User-ID is only enabled for internal trusted interfacesPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
3.1 Enable the Firewall Stealth RuleCheckPointCIS Check Point Firewall L2 v1.1.0
3.3 Ensure SharePoint implements security functions as a layered structure minimizing interactions between layers of the design and avoiding any dependence by lower layers on the functionality or correctness of higher layers.WindowsCIS Microsoft SharePoint 2019 OS v1.0.0
FireEye - User connections are limited by subnet or VLANFireEyeTNS FireEye
Network Security - Use the Out-of-Band (OOB) interface for all management related trafficJuniperJuniper Hardening JunOS 12 Devices Checklist