Hi,
We have found some nice tools in NCM.
In Compliance Policy Reports we saw some DISA reports.
We saw that policing against CIS benchmarks was available with Nessus Professional (but that requires the device to be online with real-time access).
We were wondering if it would be possible to create similar compliance policies based on CIS Security Benchmarks that could be run against "offline" configs.
I have attached some CIS Benchmarks for the Cisco ASA firewall.
That file gives a recommendation, rationale, audit step and remediation for each rule.
For example:
3.1.1 Set 'no ip source-route' (Scored)

Profile Applicability: Level 1

Description: Disable the handling of IP datagrams with source routing header options.

Rationale: Source routing is a feature of IP whereby individual packets can specify routes. This feature is used in several kinds of attacks. Cisco routers normally accept and process source routes. Unless a network depends on source routing, it should be disabled.

Audit: Verify the command string result returns
    hostname#sh run | incl ip source-route

Remediation: Disable source routing.
    hostname(config)#no ip source-route

Impact: Organizations should plan and implement network policies to ensure unnecessary services are explicitly disabled. The 'ip source-route' feature has been used in several attacks and should be disabled.

Default Value: Enabled by default
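To show what an "offline" version of the audit step above would look like, here is a small added example (my own illustration, not NCM, Nessus or CIS code). It takes a saved running-config as text and evaluates the quoted rule 3.1.1 against it, which is the offline equivalent of `sh run | incl ip source-route`. Because the benchmark notes the feature is enabled by default, a config that simply lacks the line is treated as a finding. The `Rule` structure, the sample configs and the hostnames are all constructed for this example; the rule list is deliberately generic so further benchmark items could be added as regex patterns.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """One CIS-style check evaluated against a saved config.

    expect_present=True  -> the config passes only if some line matches pattern
    expect_present=False -> the config passes only if no line matches pattern
    """
    rule_id: str
    title: str
    pattern: str            # regex matched against each whole config line
    expect_present: bool = True
    remediation: str = ""

# CIS 3.1.1 as quoted in the post. IOS writes 'no ip source-route' to the
# running config only once the feature has been disabled; the default
# (enabled) state leaves no line at all, so absence must count as a failure.
RULES = [
    Rule("3.1.1", "Set 'no ip source-route'", r"no ip source-route",
         expect_present=True, remediation="no ip source-route"),
]

def audit_config(config_text, rules=RULES):
    """Offline 'sh run | incl <pattern>': returns {rule_id: (passed, hits)}."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    results = {}
    for rule in rules:
        rx = re.compile(r"^" + rule.pattern + r"$")
        hits = [ln for ln in lines if rx.match(ln)]
        passed = bool(hits) == rule.expect_present
        results[rule.rule_id] = (passed, hits)
    return results

def findings(config_text, rules=RULES):
    """List of (rule_id, title, remediation) for every rule that failed."""
    results = audit_config(config_text, rules)
    return [(r.rule_id, r.title, r.remediation)
            for r in rules if not results[r.rule_id][0]]

# Constructed sample configs (not taken from any real device).
COMPLIANT_CONFIG = """\
hostname edge-rtr1
no ip source-route
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
"""

NONCOMPLIANT_CONFIG = """\
hostname edge-rtr2
interface GigabitEthernet0/0
 ip address 192.0.2.2 255.255.255.0
"""

if __name__ == "__main__":
    for name, cfg in (("edge-rtr1", COMPLIANT_CONFIG),
                      ("edge-rtr2", NONCOMPLIANT_CONFIG)):
        for rule_id, title, fix in findings(cfg):
            print(f"{name}: FAIL {rule_id} {title} -> apply '{fix}'")
        if not findings(cfg):
            print(f"{name}: all checks passed")
```

The `^...$` anchoring matters: a loose `ip source-route` search would also match the negated line, which is exactly the ambiguity the "incl" command leaves to the human reader. Real configs should be normalised first (strip banners, honour indentation for sub-mode commands), which this example does not attempt.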