CSCv7|11.5

Title

Manage Network Devices Using Multi-Factor Authentication and Encrypted Sessions

Description

Manage all network devices using multi-factor authentication and encrypted sessions.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.2.4 Ensure Exec Timeout for Console Sessions is set	Cisco	CIS Cisco NX-OS L1 v1.1.0
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - HTTP	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - Telnet	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.7 Disable the Telnet Feature	Cisco	CIS Cisco NX-OS L1 v1.1.0
1.4.3 Configure SNMPv3 - engineID	Cisco	CIS Cisco NX-OS L1 v1.0.0
1.4.3 Configure SNMPv3 - engineID	Cisco	CIS Cisco NX-OS L2 v1.0.0
1.4.3 Configure SNMPv3 - group v3	Cisco	CIS Cisco NX-OS L1 v1.0.0
1.4.3 Configure SNMPv3 - group v3	Cisco	CIS Cisco NX-OS L2 v1.0.0
1.5.3 Configure SNMPv3	Cisco	CIS Cisco NX-OS L2 v1.1.0
2.3.1 Ensure only SNMPv3 is enabled	FortiGate	CIS Fortigate 7.0.x v1.3.0 L2
2.3.1 Ensure only SNMPv3 is enabled	FortiGate	CIS Fortigate 7.0.x Level 2 v1.2.0
2.3.2 Ensure only SNMPv3 is enabled - snmpv1/snmpv2c communities don't exist	FortiGate	CIS Fortigate Level 2 v1.1.0
2.3.2 Ensure only SNMPv3 is enabled - snmpv1/snmpv2c communities don't exist	FortiGate	CIS Fortigate Level 2 v1.0.0
2.3.2 Ensure only SNMPv3 is enabled - snmpv3 user exist	FortiGate	CIS Fortigate Level 2 v1.1.0
2.3.2 Ensure only SNMPv3 is enabled - snmpv3 user exist	FortiGate	CIS Fortigate Level 2 v1.0.0
3.1.3 Forbid Dial in Access	Juniper	CIS Juniper OS Benchmark v2.0.0 L2
3.1.3 Forbid Dial in Access	Juniper	CIS Juniper OS Benchmark v2.1.0 L2
6.10.1.1 Ensure SSH Service is Configured if Remote CLI is Required	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.1.1 Ensure SSH Service is Configured if Remote CLI is Required	Juniper	CIS Juniper OS Benchmark v2.0.0 L1
6.10.1.2 Ensure SSH is Restricted to Version 2	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.1.2 Ensure SSH is Restricted to Version 2	Juniper	CIS Juniper OS Benchmark v2.0.0 L1
6.10.1.3 Ensure SSH Connection Limit is Set	Juniper	CIS Juniper OS Benchmark v2.0.0 L1
6.10.1.3 Ensure SSH Connection Limit is Set	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.1.4 Ensure SSH Rate Limit is Configured	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.1.4 Ensure SSH Rate Limit is Configured	Juniper	CIS Juniper OS Benchmark v2.0.0 L1
6.10.1.5 Ensure Remote Root-Login is denied via SSH	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.1.6 Ensure Strong Ciphers are set for SSH	Juniper	CIS Juniper OS Benchmark v2.0.0 L1
6.10.1.6 Ensure Strong Ciphers are set for SSH	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.1.7 Ensure Only Suite B Ciphers are set for SSH - ciphers restriction	Juniper	CIS Juniper OS Benchmark v2.0.0 L2
6.10.1.7 Ensure Only Suite B Ciphers are set for SSH - ciphers restriction	Juniper	CIS Juniper OS Benchmark v2.1.0 L2
6.10.1.7 Ensure Only Suite B Ciphers are set for SSH - weak ciphers	Juniper	CIS Juniper OS Benchmark v2.1.0 L2
6.10.1.7 Ensure Only Suite B Ciphers are set for SSH - weak ciphers	Juniper	CIS Juniper OS Benchmark v2.0.0 L2
6.10.1.8 Ensure Strong MACs are set for SSH	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.1.8 Ensure Strong MACs are set for SSH	Juniper	CIS Juniper OS Benchmark v2.0.0 L1
6.10.1.9 Ensure Strong Key Exchange Methods are set for SSH	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.1.9 Ensure Strong Key Exchange Methods are set for SSH	Juniper	CIS Juniper OS Benchmark v2.0.0 L1
6.10.1.10 Ensure Only Suite B Key Exchange Methods are set for SSH - key-exchange restriction	Juniper	CIS Juniper OS Benchmark v2.1.0 L2
6.10.1.10 Ensure Only Suite B Key Exchange Methods are set for SSH - key-exchange restriction	Juniper	CIS Juniper OS Benchmark v2.0.0 L2
6.10.1.10 Ensure Only Suite B Key Exchange Methods are set for SSH - weak key-exchange	Juniper	CIS Juniper OS Benchmark v2.0.0 L2
6.10.1.10 Ensure Only Suite B Key Exchange Methods are set for SSH - weak key-exchange	Juniper	CIS Juniper OS Benchmark v2.1.0 L2
6.10.1.11 Ensure Strong Key Signing Algorithms are set for SSH	Juniper	CIS Juniper OS Benchmark v2.0.0 L1
6.10.1.11 Ensure Strong Key Signing Algorithms are set for SSH	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.1.12 Ensure Only Suite B Based Key Signing Algorithms are set for SSH - DSA keys	Juniper	CIS Juniper OS Benchmark v2.0.0 L2
6.10.1.12 Ensure Only Suite B Based Key Signing Algorithms are set for SSH - DSA keys	Juniper	CIS Juniper OS Benchmark v2.1.0 L2
6.10.1.12 Ensure Only Suite B Based Key Signing Algorithms are set for SSH - ECDSA Key	Juniper	CIS Juniper OS Benchmark v2.0.0 L2
6.10.1.12 Ensure Only Suite B Based Key Signing Algorithms are set for SSH - ECDSA Key	Juniper	CIS Juniper OS Benchmark v2.1.0 L2
6.10.1.13 Ensure SSH Key Authentication is Disabled	Juniper	CIS Juniper OS Benchmark v2.1.0 L2
6.10.2.1 Ensure Web-Management is not Set to HTTP	Juniper	CIS Juniper OS Benchmark v2.0.0 L1
6.10.2.1 Ensure Web-Management is not Set to HTTP	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.2.2 Ensure Web-Management is Set to use HTTPS	Juniper	CIS Juniper OS Benchmark v2.1.0 L1

Detections

Analytics

CSCv7|11.5

Title

Description

Reference Item Details

Audit Items