CIS CISCO Firewall Benchmark 4.1.0 Checklist Details (Checklist Revisions)
NOTE
This is not the current revision of this Checklist, view the current revision.
Supporting Resources:
-
Download Prose - CIS Cisco Firewall Benchmark v3.0.0
- Center for Internet Security (CIS)
Target:
Target | CPE Name |
---|---|
Cisco ASA 8 | cpe:/h:cisco:asa:8 (View CVEs) |
Cisco ASA 9 | cpe:/h:cisco:asa:9 (View CVEs) |
Checklist Highlights
- Checklist Name:
- CIS CISCO Firewall Benchmark
- Checklist ID:
- 393
- Version:
- 4.1.0
- Type:
- Compliance
- Review Status:
- Final
- Authority:
- Third Party: Center for Internet Security (CIS)
- Original Publication Date:
- 11/17/2011
Checklist Summary:
This document, Security Configuration Benchmark for Cisco Firewall Appliances, provides prescriptive guidance for establishing a secure configuration posture for Cisco Firewall Appliances versions 7.1 - 8.4. This guide was tested against Cisco ASA 8.2 as installed by ASA823-k8.bin To obtain the latest version of this guide, please visit http://cisecurity.org. If you have questions, comments, or have identified ways to improve this guide, please write us at feedback@cisecurity.org.
Checklist Role:
- Enterprise Firewall
- Enterprise Router
- Firewall
Known Issues:
Not provided.
Target Audience:
This benchmark is intended for system and application administrators, security specialists, auditors, help desk, and platform deployment personnel who plan to develop, deploy, assess, or secure solutions that incorporate a Cisco Firewall Appliance.
Target Operational Environment:
- Managed
Testing Information:
This guide was tested against Cisco ASA 8.2 as installed by ASA823-k8.bin
Regulatory Compliance:
Not provided.
Comments/Warnings/Miscellaneous:
Not provided.
Disclaimer:
Proper use of the recommendations requires careful analysis and adaptation to specific user requirements. The recommendations are not in any way intended to be a quick fix for anyone's information security needs. CIS makes no representations, warranties or covenants whatsoever as to (i) the positive or negative effect of the products or the recommendations on the operation or the security of any particular network, computer system, network device, software, hardware, or any component of any of the foregoing or (ii) the accuracy, reliability, timeliness or completeness of any product or recommendation. CIS is providing the products and the recommendations as is and as available without representations, warranties or covenants of any kind.
Product Support:
feedback@cisecurity.org
Point of Contact:
feedback@cisecurity.org.
Sponsor:
Not provided.
Licensing:
The Products are protected by copyright and other intellectual property laws and by international treaties. We acknowledge and agree that we are not acquiring title to any intellectual property rights in the Products and that full title and all ownership rights to the Products will remain the exclusive property of CIS or CIS Parties. CIS reserves all rights not expressly granted to users in the preceding section entitled "Grant of limited rights." Subject to the paragraph entitled "Special Rules" (which includes a waiver, granted to some classes of CIS Members, of certain limitations in this paragraph), and except as we may have otherwise agreed in a written agreement with CIS, we agree that we will not (i) decompile, disassemble, reverse engineer, or otherwise attempt to derive the source code for any software Product that is not already in the form of source code; (ii) distribute, redistribute, encumber, sell, rent, lease, lend, sublicense, or otherwise transfer or exploit rights to any Product or any component of a Product; (iii) post any Product or any component of a Product on any website, bulletin board, ftp server, newsgroup, or other similar mechanism or device, without regard to whether such mechanism or device is internal or external, (iv) remove or alter trademark, logo, copyright or other proprietary notices, legends, symbols or labels in any Product or any component of a Product; (v) remove these Agreed Terms of Use from, or alter these Agreed Terms of Use as they appear in, any Product or any component of a Product; (vi) use any Product or any component of a Product with any derivative works based directly on a Product or any component of a Product; (vii) use any Product or any component of a Product with other products or applications that are directly and specifically dependent on such Product or any component for any part of their functionality, or (viii) represent or claim a particular level of compliance with a CIS Benchmark, scoring tool or other Product. We will not facilitate or otherwise aid other individuals or entities in any of the activities listed in this paragraph. We hereby agree to indemnify, defend and hold CIS and all of its officers, directors, members, contributors, employees, authors, developers, agents, affiliates, licensors, information and service providers, software suppliers, hardware suppliers, and all other persons who aided CIS in the creation, development or maintenance of the Products or Recommendations ("CIS Parties") harmless from and against any and all liability, losses, costs and expenses (including attorneys' fees and court costs) incurred by CIS or any CIS Party in connection with any claim arising out of any violation by us of the preceding paragraph, including without limitation CISÃ?¢ââ??‰â??¢s right, at our expense, to assume the exclusive defense and control of any matter subject to this indemnification, and in such case, we agree to cooperate with CIS in its defense of such claim. We further agree that all CIS Parties are third-party beneficiaries of our undertakings in these Agreed Terms of Use.
Change History:
Changing status to UNDER REVIEW - 4/12/18 Update to FINAL - 5/15/18 updated reference link per CIS instruction - 8/7/18 updated URLs - 7/25/19 Updated Reference URLs - 7/31/19
Dependency/Requirements:
URL | Description |
---|---|
https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config.html | Cisco ASA 5500 Series Configuration Guide using the CLI, 8.2 |
https://www.nsa.gov/what-we-do/cybersecurity/ | National Security Agency (2009). NSA Information Assurance |
References:
Reference URL | Description |
---|