Checklist Summary:

This document, Security Configuration Benchmark for Cisco IOS, provides prescriptive guidance for establishing a secure configuration posture for Cisco Router running Cisco IOS version 15.0M. This guide was tested against Cisco IOS IP Advanced IP Services v15.0.1 as installed by c880data-universalk9-mz.150-1.M4.bin. To obtain the latest version of this guide, please visit http://cisecurity.org. If you have questions, comments, or have identified ways to improve this guide, please write us at feedback@cisecurity.org.

Checklist Role:

• Router

Known Issues:

Not provided.

Target Audience:

This benchmark is intended for system and application administrators, security specialists, auditors, help desk, and platform deployment personnel who plan to develop, deploy, assess, or secure solutions that incorporate Cisco IOS on a Cisco routing and switching platforms.

Target Operational Environment:

• Managed

Testing Information:

This guide was tested against Cisco IOS IP Advanced IP Services v15.0.1 as installed by c880data-universalk9-mz.150-1.M4.bin.

Regulatory Compliance:

Not provided.

Comments/Warnings/Miscellaneous:

Not provided.

Disclaimer:

Proper use of the recommendations requires careful analysis and adaptation to specific user requirements. The recommendations are not in any way intended to be a quick fix for anyones information security needs. CIS makes no representations, warranties or covenants whatsoever as to (i) the positive or negative effect of the products or the recommendations on the operation or the security of any particular network, computer system, network device, software, hardware, or any component of any of the foregoing or (ii) the accuracy, reliability, timeliness or completeness of any product or recommendation. CIS is providing the products and the recommendations as is and as available without representations, warranties or covenants of any kind.

Product Support:

feedback@cisecurity.org

Point of Contact:

feedback@cisecurity.org

Sponsor:

Not provided.

Licensing:

The Products are protected by copyright and other intellectual property laws and by international treaties. We acknowledge and agree that we are not acquiring title to any intellectual property rights in the Products and that full title and all ownership rights to the Products will remain the exclusive property of CIS or CIS Parties. CIS reserves all rights not expressly granted to users in the preceding section entitled "Grant of limited rights." Subject to the paragraph entitled "Special Rules" (which includes a waiver, granted to some classes of CIS Members, of certain limitations in this paragraph), and except as we may have otherwise agreed in a written agreement with CIS, we agree that we will not (i) decompile, disassemble, reverse engineer, or otherwise attempt to derive the source code for any software Product that is not already in the form of source code; (ii) distribute, redistribute, encumber, sell, rent, lease, lend, sublicense, or otherwise transfer or exploit rights to any Product or any component of a Product; (iii) post any Product or any component of a Product on any website, bulletin board, ftp server, newsgroup, or other similar mechanism or device, without regard to whether such mechanism or device is internal or external, (iv) remove or alter trademark, logo, copyright or other proprietary notices, legends, symbols or labels in any Product or any component of a Product; (v) remove these Agreed Terms of Use from, or alter these Agreed Terms of Use as they appear in, any Product or any component of a Product; (vi) use any Product or any component of a Product with any derivative works based directly on a Product or any component of a Product; (vii) use any Product or any component of a Product with other products or applications that are directly and specifically dependent on such Product or any component for any part of their functionality, or (viii) represent or claim a particular level of compliance with a CIS Benchmark, scoring tool or other Product. We will not facilitate or otherwise aid other individuals or entities in any of the activities listed in this paragraph. We hereby agree to indemnify, defend and hold CIS and all of its officers, directors, members, contributors, employees, authors, developers, agents, affiliates, licensors, information and service providers, software suppliers, hardware suppliers, and all other persons who aided CIS in the creation, development or maintenance of the Products or Recommendations ("CIS Parties") harmless from and against any and all liability, losses, costs and expenses (including attorneys' fees and court costs) incurred by CIS or any CIS Party in connection with any claim arising out of any violation by us of the preceding paragraph, including without limitation CIS's right, at our expense, to assume the exclusive defense and control of any matter subject to this indemnification, and in such case, we agree to cooperate with CIS in its defense of such claim. We further agree that all CIS Parties are third-party beneficiaries of our undertakings in these Agreed Terms of Use.

Change History:

11-07-2007-Version 2.2
10-31-2010-Version 2.3
11-25-2010-Version 2.3.1
12-09-2010-Version 2.3.2
12-15-2010-Version 2.3.3
12-31-2010-Version 2.4.0

Updated status from "Under Review" to "Final" - 21 July 2015
Removed bad reference link: http://www.cisco.com/en/US/docs/ios/iproute_ospf/command/reference/iro_book.html and http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper09186a00801dbf61.pdf - 08 June 2015
Version 3.0.0 - September 21, 2011
Changing status to UNDER REVIEW - 4/12/18
Update to FINAL - 5/15/18
updated reference per CIS instruction - 8/7/18
Updated URLs - 8/13/19
updated to 3.0.1  - 1/7/2020
updated ref link - 10/7/2021
Archive - 8/31/23

Dependency/Requirements:

URL	Description
https://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html	Cisco Systems, Inc. (2011). Cisco Guide to Harden Cisco IOS Devices.
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/command/ire-cr-book.html	Cisco Systems, Inc. (2010). Cisco IOS IP Routing: EIGRP Command Reference, Release 15.0.
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mcl/allreleasemcl/all-book.html	Cisco Systems, Inc. (2010). Cisco IOS Network Management Command Reference, Release 15.0
https://www.cisco.com/c/en/us/td/docs/ios/iproute_bgp/command/reference/irg_book.html	Cisco Systems, Inc. (2010). Cisco IOS IP Routing: BGP Command Reference, Release 15.0.
https://www.cisco.com/c/en/us/td/docs/ios/iproute_pi/command/reference/iri_book.html	Cisco Systems, Inc. (2010). Cisco IOS IP Routing: Protocol Independent Command Reference, Release 15.0.
https://www.cisco.com/c/en/us/td/docs/ios/iproute_rip/command/reference/irr_book.html	Cisco Systems, Inc. (2010). Cisco IOS IP Routing: RIP Command Reference, Release 15.0.
https://www.cisco.com/c/en/us/td/docs/ios/ipswitch/command/reference/isw_book.html	Cisco Systems, Inc. (2010). Cisco IOS Switching Command Reference, Release 12.5.
https://www.cisco.com/c/en/us/td/docs/ios/termserv/command/reference/tsv_book.html	Cisco Systems, Inc. (2010). Cisco IOS Terminal Services Command Reference, Release 15.0.
https://www.cisco.com/c/en/us/td/docs/ios/wan/command/reference/wan_book.html	Cisco Systems, Inc. (2010). Cisco IOS Wide-Area Networking Command Reference, Release 15.0.
https://www.cisecurity.org/cis-benchmarks#CIS_Cisco_IOS_Benchmark_v2.4.0	Center for Information Security (2010). Cisco IOS Benchmark v2.4.

References:

Reference URL	Description

NIST checklist record last modified on 08/31/2023