Detections
Analytics

CSCv6|11.7

Title

Manage the network infrastructure across network connections that are separated from the business use of that network, relying on separate VLANs or, preferably, on entirely different physical connectivity for management sessions for network devices.

Description

Manage the network infrastructure across network connections that are separated from the business use of that network, relying on separate VLANs or, preferably, on entirely different physical connectivity for management sessions for network devices.

Reference Item Details

Category: Secure Configurations for Network Devices

Family: Network

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device managementPalo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device managementPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device managementPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device managementPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMPPalo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMPPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSHPalo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSHPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPSPalo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPSPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPSPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPSPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMPPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMPPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSHPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSHPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL deny is configured'CiscoCIS Cisco IOS 15 L1 v4.0.1
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL deny is configured'CiscoCIS Cisco IOS 15 L1 v4.1.0
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL deny is configured'CiscoCIS Cisco IOS 16 L1 v1.1.0
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL deny is configured'CiscoCIS Cisco IOS 16 L1 v1.1.1
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL permit tcp is configured'CiscoCIS Cisco IOS 15 L1 v4.0.1
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL permit tcp is configured'CiscoCIS Cisco IOS 15 L1 v4.1.0
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL permit tcp is configured'CiscoCIS Cisco IOS 16 L1 v1.1.1
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL permit tcp is configured'CiscoCIS Cisco IOS 16 L1 v1.1.0
1.2.5 Set 'access-class' for 'line vty'CiscoCIS Cisco IOS 15 L1 v4.1.0
1.2.5 Set 'access-class' for 'line vty'CiscoCIS Cisco IOS 16 L1 v1.1.0
1.2.5 Set 'access-class' for 'line vty'CiscoCIS Cisco IOS 16 L1 v1.1.1
1.2.5 Set 'access-class' for 'line vty'CiscoCIS Cisco IOS 15 L1 v4.0.1
1.5.5 Set the ACL for each 'snmp-server community'CiscoCIS Cisco IOS 15 L1 v4.0.1
1.5.5 Set the ACL for each 'snmp-server community'CiscoCIS Cisco IOS 16 L1 v1.1.1
1.5.5 Set the ACL for each 'snmp-server community'CiscoCIS Cisco IOS 16 L1 v1.1.0
1.5.5 Set the ACL for each 'snmp-server community'CiscoCIS Cisco IOS 15 L1 v4.1.0
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP deny secured by ACL'CiscoCIS Cisco IOS 15 L1 v4.0.1
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP deny secured by ACL'CiscoCIS Cisco IOS 16 L1 v1.1.0
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP deny secured by ACL'CiscoCIS Cisco IOS 16 L1 v1.1.1
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP deny secured by ACL'CiscoCIS Cisco IOS 15 L1 v4.1.0
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP permit secured by ACL'CiscoCIS Cisco IOS 15 L1 v4.1.0
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP permit secured by ACL'CiscoCIS Cisco IOS 16 L1 v1.1.0
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP permit secured by ACL'CiscoCIS Cisco IOS 15 L1 v4.0.1
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP permit secured by ACL'CiscoCIS Cisco IOS 16 L1 v1.1.1
1.5.7 Set 'snmp-server host' when using SNMPCiscoCIS Cisco IOS 15 L1 v4.0.1
1.5.7 Set 'snmp-server host' when using SNMPCiscoCIS Cisco IOS 16 L1 v1.1.0
1.5.7 Set 'snmp-server host' when using SNMPCiscoCIS Cisco IOS 15 L1 v4.1.0
1.5.7 Set 'snmp-server host' when using SNMPCiscoCIS Cisco IOS 16 L1 v1.1.1
1.5.8 Set 'snmp-server enable traps snmp'CiscoCIS Cisco IOS 15 L1 v4.0.1
1.5.8 Set 'snmp-server enable traps snmp'CiscoCIS Cisco IOS 15 L1 v4.1.0
1.5.8 Set 'snmp-server enable traps snmp'CiscoCIS Cisco IOS 16 L1 v1.1.1
1.5.8 Set 'snmp-server enable traps snmp'CiscoCIS Cisco IOS 16 L1 v1.1.0
3.2 Ensure SharePoint implements an information system isolation boundary that minimizes the number of non-security functions included within the boundary containing security functions.WindowsCIS Microsoft SharePoint 2019 OS v1.0.0
3.2 Ensure SharePoint implements an information system isolation boundary that minimizes the number of non-security functions.WindowsCIS Microsoft SharePoint 2016 OS v1.0.0