CSCv7|11.2

Title

Document Traffic Configuration Rules

Description

All configuration rules that allow traffic to flow through network devices should be documented in a configuration management system with a specific business reason for each rule, a specific individual's name responsible for that business need, and an expected duration of the need.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
2.13 Ensure Cloud Asset Inventory Is Enabled	GCP	CIS Google Cloud Platform v1.3.0 L2
2.13 Ensure Cloud Asset Inventory Is Enabled	GCP	CIS Google Cloud Platform v2.0.0 L1
2.13 Ensure Cloud Asset Inventory Is Enabled	GCP	CIS Google Cloud Platform v1.3.0 L1
2.13 Ensure Cloud Asset Inventory Is Enabled	GCP	CIS Google Cloud Platform v3.0.0 L1
3.1 Ensure that unused policies are reviewed regularly	FortiGate	CIS Fortigate 7.0.x Level 2 v1.2.0
3.1 Ensure that unused policies are reviewed regularly	FortiGate	CIS Fortigate 7.0.x v1.3.0 L2
3.1.1.3 Configure EIGRP log-adjacency-changes	Cisco	CIS Cisco NX-OS L2 v1.0.0
3.1.1.3 Configure EIGRP log-adjacency-changes	Cisco	CIS Cisco NX-OS L1 v1.1.0
3.1.1.3 Configure EIGRP log-adjacency-changes	Cisco	CIS Cisco NX-OS L1 v1.0.0
3.1.4.1 If VLAN interfaces have IP addreses, configure anti spoofing / ingress filtering protections	Cisco	CIS Cisco NX-OS L2 v1.0.0
3.1.4.1 If VLAN interfaces have IP addreses, configure anti spoofing / ingress filtering protections	Cisco	CIS Cisco NX-OS L1 v1.1.0
3.1.4.1 If VLAN interfaces have IP addreses, configure anti spoofing / ingress filtering protections	Cisco	CIS Cisco NX-OS L1 v1.0.0
3.3 Ensure AWS Config is enabled in all regions	amazon_aws	CIS Amazon Web Services Foundations L2 3.0.0
3.4 Ensure Hit count is Enable for the rules	CheckPoint	CIS Check Point Firewall L2 v1.1.0
3.4 Ensure interface description is set	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
3.4 Ensure interface description is set	Juniper	CIS Juniper OS Benchmark v2.0.0 L1
3.5 Ensure AWS Config is enabled in all regions - 'Include global resources'	amazon_aws	CIS Amazon Web Services Foundations L2 1.5.0
3.5 Ensure AWS Config is enabled in all regions - 'Include global resources'	amazon_aws	CIS Amazon Web Services Foundations L1 1.3.0
3.5 Ensure AWS Config is enabled in all regions - 'Include global resources'	amazon_aws	CIS Amazon Web Services Foundations L2 2.0.0
3.5 Ensure AWS Config is enabled in all regions - 'Include global resources'	amazon_aws	CIS Amazon Web Services Foundations L2 1.4.0
3.5 Ensure AWS Config is enabled in all regions - 'Record all resources supported in this region'	amazon_aws	CIS Amazon Web Services Foundations L2 2.0.0
3.5 Ensure AWS Config is enabled in all regions - 'Record all resources supported in this region'	amazon_aws	CIS Amazon Web Services Foundations L2 1.4.0
3.5 Ensure AWS Config is enabled in all regions - 'Record all resources supported in this region'	amazon_aws	CIS Amazon Web Services Foundations L2 1.5.0
3.5 Ensure AWS Config is enabled in all regions - 'Record all resources supported in this region'	amazon_aws	CIS Amazon Web Services Foundations L1 1.3.0
3.5 Ensure AWS Config is enabled in all regions - 'Recording Status'	amazon_aws	CIS Amazon Web Services Foundations L2 2.0.0
3.5 Ensure AWS Config is enabled in all regions - 'Review defined S3 Bucket'	amazon_aws	CIS Amazon Web Services Foundations L2 1.5.0
3.5 Ensure AWS Config is enabled in all regions - 'Review defined S3 Bucket'	amazon_aws	CIS Amazon Web Services Foundations L2 2.0.0
3.5 Ensure AWS Config is enabled in all regions - 'Review defined S3 Bucket'	amazon_aws	CIS Amazon Web Services Foundations L2 1.4.0
3.5 Ensure AWS Config is enabled in all regions - 'Review defined S3 Bucket'	amazon_aws	CIS Amazon Web Services Foundations L1 1.3.0
3.5 Ensure AWS Config is enabled in all regions - 'Review defined SNS Topic'	amazon_aws	CIS Amazon Web Services Foundations L2 1.4.0
3.5 Ensure AWS Config is enabled in all regions - 'Review defined SNS Topic'	amazon_aws	CIS Amazon Web Services Foundations L2 2.0.0
3.5 Ensure AWS Config is enabled in all regions - 'Review defined SNS Topic'	amazon_aws	CIS Amazon Web Services Foundations L1 1.3.0
3.5 Ensure AWS Config is enabled in all regions - 'Review defined SNS Topic'	amazon_aws	CIS Amazon Web Services Foundations L2 1.5.0
3.8 Logging should be enable for all Firewall Rules	CheckPoint	CIS Check Point Firewall L2 v1.1.0
3.13 Ensure VPN traffic goes through the relevant ACL	Cisco	CIS Cisco ASA 9.x Firewall L2 v1.1.0
4.6 Ensure That IP Forwarding Is Not Enabled on Instances	GCP	CIS Google Cloud Platform v3.0.0 L1
35.2 (L1) Ensure 'Enable Domain Network Firewall: Default Inbound Action for Domain Profile' is set to 'Block'	Windows	CIS Microsoft Intune for Windows 11 v3.0.1 L1
35.2 (L1) Ensure 'Enable Domain Network Firewall: Default Inbound Action for Domain Profile' is set to 'Block'	Windows	CIS Microsoft Intune for Windows 10 v3.0.1 L1
35.3 (L1) Ensure 'Enable Domain Network Firewall: Disable Inbound Notifications' is set to 'True'	Windows	CIS Microsoft Intune for Windows 10 v3.0.1 L1
35.3 (L1) Ensure 'Enable Domain Network Firewall: Disable Inbound Notifications' is set to 'True'	Windows	CIS Microsoft Intune for Windows 11 v3.0.1 L1
35.5 (L1) Ensure 'Enable Private Network Firewall: Default Inbound Action for Private Profile' is set to 'Block'	Windows	CIS Microsoft Intune for Windows 10 v3.0.1 L1
35.6 (L1) Ensure 'Enable Private Network Firewall: Disable Inbound Notifications' is set to 'True'	Windows	CIS Microsoft Intune for Windows 10 v3.0.1 L1
35.8 (L1) Ensure 'Enable Public Network Firewall: Allow Local Ipsec Policy Merge' is set to 'False'	Windows	CIS Microsoft Intune for Windows 10 v3.0.1 L1
35.9 (L1) Ensure 'Enable Private Network Firewall: Default Inbound Action for Private Profile' is set to 'Block'	Windows	CIS Microsoft Intune for Windows 11 v3.0.1 L1
35.10 (L1) Ensure 'Enable Private Network Firewall: Disable Inbound Notifications' is set to 'True'	Windows	CIS Microsoft Intune for Windows 11 v3.0.1 L1
35.10 (L1) Ensure 'Enable Public Network Firewall: Default Inbound Action for Public Profile' is set to 'Block'	Windows	CIS Microsoft Intune for Windows 10 v3.0.1 L1
35.11 (L1) Ensure 'Enable Public Network Firewall: Disable Inbound Notifications' is set to 'True'	Windows	CIS Microsoft Intune for Windows 10 v3.0.1 L1
35.16 (L1) Ensure 'Enable Public Network Firewall: Allow Local Ipsec Policy Merge' is set to 'False'	Windows	CIS Microsoft Intune for Windows 11 v3.0.1 L1
35.18 (L1) Ensure 'Enable Public Network Firewall: Default Inbound Action for Public Profile' is set to 'Block'	Windows	CIS Microsoft Intune for Windows 11 v3.0.1 L1
35.19 (L1) Ensure 'Enable Public Network Firewall: Disable Inbound Notifications' is set to 'True'	Windows	CIS Microsoft Intune for Windows 11 v3.0.1 L1

Detections

Analytics

CSCv7|11.2

Title

Description

Reference Item Details

Audit Items