
policy_status: compliance_results https://192.168.1.5/webui/policy_status/compliance_results?report_typ...

Configuration Policy Analysis
2017-07-05 10:49:42

Policy PCI DSS 2.0 IOS
This policy is provided to the user as is, and is meant as a general interpretation of the PCI DSS 2.0 framework. The function of this policy is to provide the user with a starting point from which a more detailed and
specific compliance effort can be created. You should use this policy without modification only after you have reviewed it and determined that it does or does not apply to your specific needs. For further reference to
more detailed PCI compliance requirements, please check PCI documentation found at: https://www.pcisecuritystandards.org/

Error
Last Check: 2017-07-05 10:49:42

Policy Summary:
Pass 8 (29.63%)
Fail 10 (37.04%)
Error 8 (29.63%)
Warning 1 (3.70%)
Info 1 (3.70%)
Skip 9 (33.33%)
Unknown 0 (0.00%)
Checked 18 (66.67%)

Rules Summary:
IOS BOOTP Server:IOS-BTP-001 Error
IOS CDP Service:IOS-CDP-001 Info
IOS Enable Secret:IOS-ENA-001 Pass
IOS Finger Service (11.2-):IOS-FNGR-001 Skip
IOS Finger Service (11.3-12.0):IOS-FNGR-002 Skip
IOS Finger Service (12.1+):IOS-FNGR-003 Skip
IOS HTTP Server:IOS-HTTP-001 Skip
IOS Identd Service:IOS-IDNT-001 Skip
IOS Timestamps Logging:IOS-LOG-002 Pass
IOS Disable MOP:IOS-NMOP-001 Warning
IOS Disable NTP:IOS-NTP-009 Pass
IOS PAD Service:IOS-PAD-001 Error
IOS Service Config:IOS-SCFG-001 Pass
IOS IP Source Route:IOS-SCRT-001 Error
IOS SNMP RW Communities:IOS-SNMP-004 Error
IOS TCP Small-Servers (11.2-):IOS-TCP-004 Skip
IOS TCP Small-Servers (11.3+):IOS-TCP-005 Skip
IOS UDP Small-Servers (11.2-):IOS-UDP-001 Skip
IOS UDP Small-Servers (11.3+):IOS-UDP-002 Skip
IOS VTY Access Class Inbound:IOS-VTY-002 Error
IOS Two Factor Authentication:IOS-AAA-003 Error
IOS Console Exec 15 Minute Timeout:IOS-CON-005 Pass
IOS Console Local or AAA Login:IOS-CON-006 Error
IOS VTY Transport Input SSH:IOS-VTY-007 Pass
IOS VTY AAA Login:IOS-VTY-008 Error
IOS VTY Exec 15 Minute Timeout:IOS-VTY-009 Pass
IOS User Secrets:IOS-USER-004 Pass

Device R1.necsia.local
IP: 192.168.1.15
Model: 3945
Version: 15.4(1.24)T0.9
Last Check: 2017-07-05 11:03:49

1 of 3 5/7/17 11:09

Rule IOS BOOTP Server
Ensure the BOOTP server is disabled.
This rule is provided to the user as is, and is meant as a general interpretation of the NSA 1.1c, SANS, and PCI DSS 1.2 and 2.0 frameworks. The function of this rule is to provide the user with a starting point from which a more detailed and specific compliance effort can be created. You should use this rule without modification only after you have reviewed it and determined that it does or does not apply to your specific needs.
References: NSA …, SANS …, PCI …
Filter:
Rule: 1 and 2 and 3
1: (devicevendor matches 'Cisco')
2: (devicesysdescr contains 'IOS')
3: devicetype in (Router, Switch-Router, Switch)
Error
Message: Running config file does not contain any of the specified lines.
Remediation: Disable the BOOTP server.
Logic:
Running config file contains some: ^no ip bootp server
Running config file contains some: ^ip dhcp bootp ignore

Rule IOS CDP Service
Disable CDP (Cisco Discovery Protocol) service globally.
This rule is provided to the user as is, and is meant as a general interpretation of the NSA 1.1c, SANS, and PCI DSS 1.2 and 2.0 frameworks. The function of this rule is to provide the user with a starting point from which a more detailed and specific compliance effort can be created. You should use this rule without modification only after you have reviewed it and determined that it does or does not apply to your specific needs.
References: NSA …, SANS …, PCI …
Filter:
Rule: 1 and 2 and 3
1: (devicevendor matches 'Cisco')
2: (devicesysdescr contains 'IOS')
3: devicetype in (Router, Switch-Router, Switch)
Info
Message: CDP is NOT disabled
Remediation: Disable the CDP service globally.
Logic:
Running config file contains all: ^no cdp run
and
Running config file does not contain any:

Rule IOS Enable Secret
Use enable secret for enable level access to device.
This rule is provided to the user as is, and is meant as a general interpretation of the NSA 1.1c, SANS, and PCI DSS 1.2 and 2.0 frameworks. The function of this rule is to provide the user with a starting point from which a more detailed and specific compliance effort can be created. You should use this rule without modification only after you have reviewed it and determined that it does or does not apply to your specific needs.
References: NSA …, SANS …, PCI …
Filter:
Rule: 1 and 2 and 3
1: (devicevendor matches 'Cisco')
2: (devicesysdescr contains 'IOS')
3: devicetype in (Router, Switch-Router, Switch)
Pass
Message: Enable secret set
Remediation: Create an enable secret for access to the device.
Logic:
Running config file contains one block: ^enable secret( level \d+)? 5 \S+
and
Running config file does not contain any: