Version 34
Created by CourtesyIT Expert on Dec 15, 2017 9:56 AM. Last modified by CourtesyIT Expert on Aug 31, 2018 10:54 AM.

    Thank you for choosing this document.  You will need to supply vendor specific CLI or Regular expression statements for these checks.

     

    You will need to create TWO Custom Properties for your Devices.

     

    Name the first column "C1_DeviceType" and include the following drop-down selections:

    L2SW  -  Layer 2 Switches

    IL3S  -  Infrastructure Layer 3 Switches

    IRTR  -  Infrastructure Routers

    PL3S  -  Perimeter Layer 3 Switches

    PRTR  -  Perimeter Routers

    XE    -  IOS-XE Routers

    F5 - F5 Load Balancers

    FW - Firewall Devices

    IPSEC - IPSEC VPN Devices

    SRX - Juniper SRX Devices

    IDPS - Intrusion Detection and Prevention Systems

    NIPR - WLAN Access Point (Enclave-NIPRNet Connected)

    IGOC - WLAN Access Point (Internet Gateway Only Connection)

    CNTRL - WLAN Controller

    BRDG - WLAN Bridge

     

    Name the second custom property "C2_OS" and include the following drop-down selections:

    OSXE  -  To support IOS and IOS-XE devices

    NXOS  -  To support Nexus OS

    ASA   -  To support ASA OS

    IOSXE  -  To support IOS-XE Routers

    F5 - To support F5 Big IP Load Balancers

    FW - To support Firewall SRG devices

    VPN - To support VPN specific STIGs

    SRG - To support SRG Type Documentation

    SRX - To support SRX Device Management

    PANOS - To support Palo Alto Firewalls

     

    This file was uploaded from the "Shared on Thwack" Tab via NCM Compliance tree.

     

    Thanks and stay tuned...........

     

    Guess What?  I have developed a class to assist you in your CCRI's, SAVs, and other Auditing events.  Check it out.

    https://loop1.com/modular-data/storage/2d7e/loop1-advanced-ncm---disa-stig-compliance-2eae.pdf

     

     

    Regular Expression Short-Cuts

    Regular Expression Pattern Matching

    Everything You Ever Wanted to Know About Regular Expressions in NCM But Were Afraid to Ask

     

    Cisco STIGs

     

    This Policy Document will evaluate every port (TenGigabit, GigabitEthernet, FastEthernet, Ethernet) on your network device.

    CSCO-OSXE-Port Management

     

    Cisco IOS XE Release 3 NDM Security Technical Implementation Guide:  Version: 1:  Release: 4:   27 Apr 2018

        CSCO-IOSXE-NDM - User Access

        CSCO-IOSXE-NDM - SNMP SSH and VTY

        CSCO-IOSXE-NDM - Services

        CSCO-IOSXE-NDM - NTP

        CSCO-IOSXE-NDM - Logging Part 1

        CSCO-IOSXE-NDM - Account Access

        CSCO-IOSXE-NDM - Logging Part 2

     

    Cisco IOS XE Release 3 RTR Security Technical Implementation Guide:  Version: 1:  Release: 4:   27 Apr 2018

        CSCO-IOSXE-RTR - Service

        CSCO-IOSXE-RTR - Routing Protocol

        CSCO-IOSXE-RTR - Multicast and IPv6

        CSCO-IOSXE-RTR - ACL

     

    Firewall Security Technical Implementation Guide - Cisco Version: 8:  Release: 25:  26 Jan 2018

    CSCO-ASA - VTY and Console

    CSCO-ASA - VPN and Tunneling

    CSCO-ASA - User Access

    CSCO-ASA - SNMP and SSH

    CSCO-ASA - Service

    CSCO-ASA - Routing and ACL

    CSCO-ASA - OOB

    CSCO-ASA - Manual Review

    CSCO-ASA - Logging and NTP

    CSCO-ASA - IPv6

    CSCO-ASA - Access Accounts

     

    Perimeter Router - Cisco Security Technical Implementation Guide Version: 8:  Release: 29: 27 April 2018

    CSCO-OSXE-PRTR - Account Access

    CSCO-OSXE-PRTR - VTY and Console

    CSCO-OSXE-PRTR - User Access

    CSCO-OSXE-PRTR - Tunneling

    CSCO-OSXE-PRTR - Services

    CSCO-OSXE-PRTR - SNMP and SSH

    CSCO-OSXE-PRTR - Routing Protocol

    CSCO-OSXE-PRTR - QoS and VPN

    CSCO-OSXE-PRTR - OOB

    CSCO-OSXE-PRTR - Logging and NTP

    CSCO-OSXE-PRTR - IPv6 and Multicast

    CSCO-OSXE-PRTR - External Interface

    CSCO-OSXE-PRTR - ACL

     

    Perimeter L3 Switch - Cisco Security Technical Implementation Guide Version: 8:  Release: 29: 27 Apr 2018

    CSCO-OSXE-PL3S - VTY and Console

    CSCO-OSXE-PL3S - VLANs

    CSCO-OSXE-PL3S - User Access

    CSCO-OSXE-PL3S - Tunneling

    CSCO-OSXE-PL3S - Switch Interface

    CSCO-OSXE-PL3S - SNMP and SSH

    CSCO-OSXE-PL3S - Services

    CSCO-OSXE-PL3S - Router Interface

    CSCO-OSXE-PL3S - Logging and NTP

    CSCO-OSXE-PL3S - IPv6 and Multicast

    CSCO-OSXE-PL3S - ACL

    CSCO-OSXE-PL3S - Bidirectional ACL

    CSCO-OSXE-PL3S - Account Access

     

    Layer 2 Switch Security Technical Implementation Guide - Cisco Version: 8:  Release: 24:  27 Apr 2018

    CSCO-OSXE-L2SW - User Access

    CSCO-OSXE-L2SW - Switch Interface

    CSCO-OSXE-L2SW - SNMP and SSH

    CSCO-OSXE-L2SW - Services

    CSCO-OSXE-L2SW - OOB

    CSCO-OSXE-L2SW - Logging and NTP

    CSCO-OSXE-L2SW - Account Access

    CSCO-OSXE-L2SW - VTY and Console

    CSCO-OSXE-L2SW - VLANs

     

    Infrastructure Router Secure Technical Implementation Guide - Cisco Version: 8:  Release: 26:  27 Apr 2018

    CSCO-OSXE-IRTR - VTY and Console

    CSCO-OSXE-IRTR - User Access

    CSCO-OSXE-IRTR - Tunneling

    CSCO-OSXE-IRTR - Services

    CSCO-OSXE-IRTR - SNMP and SSH

    CSCO-OSXE-IRTR - Routing Protocol

    CSCO-OSXE-IRTR - QoS and VPN

    CSCO-OSXE-IRTR - OOB

    CSCO-OSXE-IRTR - Logging and NTP

    CSCO-OSXE-IRTR - IPv6 and Multicast

    CSCO-OSXE-IRTR - ACL

    CSCO-OSXE-IRTR - Account Access

     

    Infrastructure L3 Switch Secure Technical Implementation Guide - Cisco Version: 8:  Release: 26:  27 Apr 2018

    CSCO-OSXE-IL3S - VLANs

    CSCO-OSXE-IL3S - VTY and Console

    CSCO-OSXE-IL3S - User Access

    CSCO-OSXE-IL3S - Tunneling

    CSCO-OSXE-IL3S - Switch Interface

    CSCO-OSXE-IL3S - SNMP and SSH

    CSCO-OSXE-IL3S - Services

    CSCO-OSXE-IL3S - Routing Protocol

    CSCO-OSXE-IL3S - QoS and VPN

    CSCO-OSXE-IL3S - OOB

    CSCO-OSXE-IL3S - Account Access

    CSCO-OSXE-IL3S - Logging and NTP

    CSCO-OSXE-IL3S - IPv6 and Multicast

    CSCO-OSXE-IL3S - ACL

     

    F5 STIGs

     

    F5 BIG-IP Access Policy Manager (APM) 11.x STIG- Ver 1, Rel 1

        STIG-F5-BIGIP-AP-01.xml

        STIG-F5-BIGIP-AP-02.xml

        STIG-F5-BIGIP-AP-03.xml

     

    F5 BIG-IP Advanced Firewall Manager (AFM) 11.x STIG - Ver 1, Rel 1

        STIG-F5-BIGIP-AF-01.xml

     

    F5 BIG-IP Application Security Manager (ASM) 11.x STIG - Ver 1, Rel 1

        STIG-F5-BIGIP-AS-01.xml

        STIG-F5-BIGIP-AS-02.xml

     

    F5 Big-IP Device Management 11.x STIG - Ver 1, Rel 5

        STIG-F5-BIGIP-DM-01.xml

        STIG-F5-BIGIP-DM-02.xml

        STIG-F5-BIGIP-DM-03.xml

        STIG-F5-BIGIP-DM-04.xml

        STIG-F5-BIGIP-DM-05.xml

        STIG-F5-BIGIP-DM-06.xml

        STIG-F5-BIGIP-DM-07.xml

        STIG-F5-BIGIP-DM-08.xml

     

    F5 BIG-IP Local Traffic Manager (LTM) 11.x STIG - Ver 1, Rel 2

        STIG-F5-BIGIP-LT-01.xml

        STIG-F5-BIGIP-LT-02.xml

        STIG-F5-BIGIP-LT-03.xml

        STIG-F5-BIGIP-LT-04.xml

        STIG-F5-BIGIP-LT-05.xml

        STIG-F5-BIGIP-LT-06.xml

        STIG-F5-BIGIP-LT-07.xml

     

    SRG - Security Requirements Guides

     

    Draft Router SRG Ver 3                        

    SRG-Router - Section 01

    SRG-Router - Section 02

    SRG-Router - Section 03

    SRG-Router - Section 04

    SRG-Router - Section 05

    SRG-Router - Section 06

     

    Firewall Security Requirements Guide:  Version: 1:  Release: 1: 16 Mar 2018

    Firewall-SRG - Section 4

    Firewall-SRG - Section 3

    Firewall-SRG - Section 2

    Firewall-SRG - Section 1

     

    Layer 2 Switch Security Requirements Guide:  Version: 1:  Release: 2:   27 Jul 2018

    SRG-Layer 2 Switch - VLAN

    SRG-Layer 2 Switch - Switch Interfaces

    SRG-Layer 2 Switch - Services

     

    Network Device Management Security Requirements Guide:  Version: 2:  Release: 14:  27 Jul 2018

    SRG-Network Device Mgt - SSH and SNMP

    SRG-Network Device Mgt - Services

    SRG-Network Device Mgt - NTP

    SRG-Network Device Mgt - Logging

    SRG-Network Device Mgt - Authorization

    SRG-Network Device Mgt - Authentication

    SRG-Network Device Mgt - Accounting

     

     

    Juniper STIGs

     

    Juniper SRX SG VPN Security Technical Implementation Guide Version: 1:  Release: 2:  27 Oct 2017

    Juniper-SRX-SG-VPN - Section 1

    Juniper-SRX-SG-VPN - Section 2

    Juniper-SRX-SG-VPN - Section 3

     

    Juniper SRX SG NDM Security Technical Implementation Guide Version: 1:  Release: 2:  27 Jan 2017

    Juniper-SRX-SG-NDM - SNMP

    Juniper-SRX-SG-NDM - Service

    Juniper-SRX-SG-NDM - SSH

    Juniper-SRX-SG-NDM - User Access

    Juniper-SRX-SG-NDM - NTP

    Juniper-SRX-SG-NDM - Logging 2

    Juniper-SRX-SG-NDM - Logging 1

    Juniper-SRX-SG-NDM - AAA

     

    Juniper SRX SG IDPS Security Technical Implementation Guide Version: 1:  Release: 2:  28 Jul 2017

    Juniper-SRX-SG-IDPS - Section 1

    Juniper-SRX-SG-IDPS - Section 2

    Juniper-SRX-SG-IDPS - Section 3

     

    Juniper SRX SG ALG Security Technical Implementation Guide:  Version: 1:  Release: 3: 27 Apr 2018

    JUNIPER-SRX-SG-ALG - Services

    JUNIPER-SRX-SG-ALG - Logging and NTP

    JUNIPER-SRX-SG-ALG - ACL

     

    Perimeter Router Security Technical Implementation Guide Juniper Version: 8:  Release: 28  26 Jan 2018

    JNPR-JNOS-PRTR - VTY and Console

    JNPR-JNOS-PRTR - User Access

    JNPR-JNOS-PRTR - Tunneling

    JNPR-JNOS-PRTR - SNMP and SSH

    JNPR-JNOS-PRTR - Services

    JNPR-JNOS-PRTR - Routing Protocol

    JNPR-JNOS-PRTR - Router Interface

    JNPR-JNOS-PRTR - QoS and VPN

    JNPR-JNOS-PRTR - OOB

    JNPR-JNOS-PRTR - IPv6 and Multicast

    JNPR-JNOS-PRTR - ACL

    JNPR-JNOS-PRTR - Access Account

    JNPR-JNOS-PRTR - Logging and NTP

     

    Infrastructure Router Security Technical Implementation Guide Juniper Version: 8:  Release: 25:  26 Jan 2018

    JNPR-JNOS-IRTR - VTY and Console

    JNPR-JNOS-IRTR - User Access

    JNPR-JNOS-IRTR - Tunneling

    JNPR-JNOS-IRTR - SNMP and SSH

    JNPR-JNOS-IRTR - Services

    JNPR-JNOS-IRTR - Routing Protocol

    JNPR-JNOS-IRTR - QoS and VPN

    JNPR-JNOS-IRTR - OOB

    JNPR-JNOS-IRTR - Logging and NTP

    JNPR-JNOS-IRTR - IPv6 and Multicast

    JNPR-JNOS-IRTR - ACL.xml

    JNPR-JNOS-IRTR - Account Access

     

    Palo Alto Networks STIGs

     

    Palo Alto Networks ALG Security Technical Implementation Guide Version: 1:  Release: 3:  28 Jul 2017

    STIG-V1R3-PANW-ALG-01.xml

    STIG-V1R3-PANW-ALG-02.xml

    STIG-V1R3-PANW-ALG-03.xml

    STIG-V1R3-PANW-ALG-04.xml

    STIG-V1R3-PANW-ALG-05.xml

     

    Palo Alto Networks IDPS Security Technical Implementation Guide Version: 1:  Release: 1:  30 Nov 2015

    STIG-V1R1-PANW-IDS-01.

    STIG-V1R1-PANW-IDS-02.

    STIG-V1R1-PANW-IDS-03.

     

    Palo Alto Networks NDM Security Technical Implementation Guide Version: 1:  Release: 3:  28 Jul 2017

    STIG-V1R3-PANW-NDM-01.

    STIG-V1R3-PANW-NDM-02.

    STIG-V1R3-PANW-NDM-03.

    STIG-V1R3-PANW-NDM-04.

     

    A10

    A10 Networks ADC NDM Security Technical Implementation Guide: Version: 1: Release: 1: 15 Apr 2016

    A10-NDM - Account Access

    A10-NDM - FIPS

    A10-NDM - Logging

    A10-NDM - NTP

    A10-NDM - User Access

     

    A10 Networks ADC ALG Security Technical Implementation Guide: Version: 1: Release: 1: 15 Apr 2016

    A10-ALG - Security I

    A10-ALG - Security II

    A10-ALG - Transmit

     

    Arista Networks

    Arista MLS DCS-7000 Series L2S Security Technical Implementation Guide:  Version: 1:  Release: 2 : 22 Apr 2016

    ARISTA-MLS-DCS-7000-L2SW

    ARISTA-AMLS-7k-NM - User Access

    ARISTA-AMLS-7k-NM - Service

    ARISTA-AMLS-7k-NM - Logging and NTP

    ARISTA-AMLS-7k-NM - Account Access

    ARISTA-AMLS-7k-L3 - Service

    ARISTA-AMLS-7k-L3 - Routing Protocol

    ARISTA-AMLS-7k-L3 - Multicast and IPv6

    ARISTA-AMLS-7k-L3 - ACL

     

     

    Riverbed

     

    HP FlexFabric

    HP FlexFabric Switch L2S Security Technical Implementation Guide:  Version: 1:  Release: 1:  26 Feb 2016

    HP-FlexFabric-L2SW - Interface

    HP-FlexFabric-L2SW - Service

    HP-FlexFabric-L2SW - VLAN

     

    HP FlexFabric Switch NDM Security Technical Implementation Guide:  Version: 1:  Release: 1:  26 Feb 2016

    HP-FlexFabric-NDM - User Access

    HP-FlexFabric-NDM - Service

    HP-FlexFabric-NDM - Logging and NTP

    HP-FlexFabric-NDM - Account Access

     

    HP FlexFabric Switch RTR Security Technical Implementation Guide:  Version: 1:  Release: 1:  26 Feb 2016

    HP-FlexFabric-RTR - Service

    HP-FlexFabric-RTR - Routing Protocol

    HP-FlexFabric-RTR - IPv6-Multicast-QoS

     

     

    Others

     

    IPSec VPN Gateway Security Technical Implementation Guide:  Version: 1:  Release: 15: 27 Apr 2018

    IPSEC-VPN - VTY and Console

    IPSEC-VPN - User Access

    IPSEC-VPN - SNMP and SSH

    IPSEC-VPN - Services

    IPSEC-VPN - Routing Protocol

    IPSEC-VPN - QoS and VPN

    IPSEC-VPN - OOB

    IPSEC-VPN - Logging and NTP

    IPSEC-VPN - Account Access

     

     

     

    WLAN

     

    WLAN Access Point (Enclave-NIPRNet Connected) Security Technical Implementation Guide (STIG) Version: 6  Release: 14   27 Apr 2018

    WLAN-NIPR - Access Account

    WLAN-NIPR - NTP

    WLAN-NIPR - OOB

    WLAN-NIPR - Services

    WLAN-NIPR - SSH and SNMP

    WLAN-NIPR - Transmit

    WLAN-NIPR - User Access

    WLAN-NIPR - VTY and Console

     

    WLAN Access Point (Internet Gateway Only Connection) Security Technical Implementation Guide (STIG) Version: 6  Release: 14   27 Apr 2018

    WLAN-IGOC - VTY and Console

    WLAN-IGOC - User Access

    WLAN-IGOC - Transmit

    WLAN-IGOC - SSH and SNMP

    WLAN-IGOC - Services

    WLAN-IGOC - OOB

    WLAN-IGOC - NTP

    WLAN-IGOC - Access Account

     

    WLAN Controller Security Technical Implementation Guide (STIG) Version: 6  Release: 14   27 Apr 2018

    WLAN-CNTRL - VTY and Console

    WLAN-CNTRL - User Access

    WLAN-CNTRL - Transmit

    WLAN-CNTRL - SSH and SNMP

    WLAN-CNTRL - Services

    WLAN-CNTRL - OOB

    WLAN-CNTRL - NTP

    WLAN-CNTRL - Access Account

     

    WLAN Bridge Security Technical Implementation Guide (STIG) Version: 6  Release: 14  27 Apr 2018

    WLAN-BRDG - VTY and Console

    WLAN-BRDG - User Access

    WLAN-BRDG - SSH and SNMP

    WLAN-BRDG - Transmit

    WLAN-BRDG - Services

    WLAN-BRDG - OOB

    WLAN-BRDG - NTP

    WLAN-BRDG - Access Account