Cisco
9 Topics

New CIS Cisco IOS 17 Benchmark v1.0.0 Audit Files

Summary
Customers can now measure compliance against the latest release of the Cisco IOS 17 Benchmark v1.0.0 from CIS with the new Cisco IOS 17 Benchmark v1.0.0 audits. These audits have been certified through CIS and can be viewed along with Tenable's other certified products at https://www.cisecurity.org/partner/tenable.

Tenable Audit Files
- Cisco IOS 17 Benchmark v1.0.0 - Level 1
- Cisco IOS 17 Benchmark v1.0.0 - Level 2

Target Release Date
The audits can be downloaded from the Tenable Audits Portal on July 18, 2022.

DISA STIG Networking Audits Being Retired

Summary
With the release of more specific guidance by DISA or the End of Life (EOL) for some products, a number of Tenable audits are being retired. Where applicable, a suggested replacement audit has been noted.

Removed Tenable Audits

Cisco
- DISA_STIG_Cisco_Perimeter_L3_Switch_V8R32.audit
- DISA_STIG_Cisco_Perimeter_Router_V8R32.audit
- DISA_STIG_Cisco_Infrastructure_Router_V8R29.audit
- DISA_STIG_Cisco_Infrastructure_L3_Switch_V8R29.audit

Replacements for Perimeter/Infrastructure, depending on target OS:
- https://www.tenable.com/audits/DISA_STIG_Cisco_IOS_Switch_RTR_v2r1
- https://www.tenable.com/audits/DISA_STIG_Cisco_IOS_Switch_NDM_v2r3
- https://www.tenable.com/audits/DISA_STIG_Cisco_IOS_Switch_L2S_v2r2
- https://www.tenable.com/audits/DISA_STIG_Cisco_IOS_XE_Switch_NDM_v2r2
- https://www.tenable.com/audits/DISA_STIG_Cisco_IOS_XE_Switch_RTR_v2r1
- https://www.tenable.com/audits/DISA_STIG_Cisco_IOS_XE_Switch_L2S_v2r2
- https://www.tenable.com/audits/DISA_STIG_Cisco_NX-OS_Switch_RTR_v2r1
- https://www.tenable.com/audits/DISA_STIG_Cisco_NX-OS_Switch_L2S_v2r1

- DISA_STIG_Cisco_Firewall_V8R25.audit

Replacements:
- https://www.tenable.com/audits/DISA_STIG_Cisco_ASA_NDM_v1r1
- https://www.tenable.com/audits/DISA_STIG_Cisco_ASA_VPN_v1r1
- https://www.tenable.com/audits/DISA_STIG_Cisco_ASA_FW_v1r2

Juniper
- DISA_STIG_Juniper_Perimeter_Router_V8R32.audit

Replacements:
- https://www.tenable.com/audits/DISA_STIG_Juniper_Router_NDM_v2r1
- https://www.tenable.com/audits/DISA_STIG_Juniper_Router_RTR_v2r3

- DISA_STIG_Juniper_Infrastructure_Router_V8R29.audit

Replacements:
- https://www.tenable.com/audits/DISA_STIG_Juniper_Router_NDM_v2r1
- https://www.tenable.com/audits/DISA_STIG_Juniper_Router_RTR_v2r3

Target Release Date
September 1, 2022

New Cisco Viptela SD-WAN Compliance Plugin and Audit Files

Summary
Customers can now measure compliance against Cisco Viptela SD-WAN devices with new plugin ID 161408. This plugin retrieves target data via SSH using 'show' commands to evaluate actual values against a given audit policy.

Four Tenable best practice audits are being released simultaneously with this plugin:
- Tenable Best Practices Cisco Viptela vManage v1.0.0
- Tenable Best Practices Cisco Viptela vBond v1.0.0
- Tenable Best Practices Cisco Viptela vEdge v1.0.0
- Tenable Best Practices Cisco Viptela vSmart v1.0.0

These audits were developed against NIST 800-53 guidelines as well as Cisco documentation. They include checks that evaluate:
- Reviewing user accounts
- Login banners
- Timeouts
- Remote and disk logging
- NTP
- Backup settings
- and more!

Target Release Date
The audits can be downloaded from the Tenable Audits Portal on July 18, 2022.

Additional Notes:
Online (credentialed) and offline scanning is supported.

New SSH Escalation Type for Checkpoint Gaia

In the spirit of Tenable's continued commitment to excellence, we are changing the way privilege escalation is specified for SSH credentials that target Checkpoint Gaia devices. When support for escalation to expert mode in Gaia scans was first introduced, we reused the Cisco enable escalation credential. The difference in escalation commands causes Gaia scans to report failed escalation as device discovery tries different commands, including escalated Cisco commands. This change will stop scans that target Gaia from trying Cisco escalation and will eliminate the spurious error reporting.

Impact
Existing scan policies with Cisco enable privilege escalation will still work with Gaia devices, but the invalid escalations will still be reported as escalation failures. To remove these messages, customers will have to modify the SSH credentials for their Gaia-targeting scan policies to use the new "Checkpoint Gaia 'expert'" escalation type instead. Going forward, the new SSH escalation type should be used for credentials targeting Checkpoint Gaia devices.

Changes
The new escalation type will be available for every SSH credential type that currently offers an escalation credential. This is what the new escalation type looks like:

Target Release Date
- 4 Oct 2021 - Nessus and Tenable.io
- 6 Dec 2021 - Tenable.sc

New Cisco IOS XR compliance support and DISA Cisco IOS XR STIG v2r1

Summary
Customers can now measure compliance of IOS XR devices with changes made to the Cisco IOS compliance plugin (46689). As part of this release, new DISA Cisco IOS XR audits are being published.

Tenable Benchmarks
- DISA Cisco IOS XR NDM v2r1
- DISA Cisco IOS XR RTR v2r1

Release Date
15 Dec 2020

Additional Notes:
The changes made to the IOS compliance plugin only support direct logins to the IOS interface. Linux shell style logins are not supported by the plugin at this time.
The DISA package includes two STIGs: RTR (Router), and NDM (Network Device Management).

New DISA Cisco NX-OS Switch STIG v1r1

Summary
Customers can now measure the compliance of their NX-OS switches with the new DISA Cisco NX-OS switch audits.

Tenable Benchmarks
- DISA Cisco NX-OS Switch L2s v1r1
- DISA Cisco NX-OS Switch RTR v1r1
- DISA Cisco NX-OS Switch NDM v1r1

Target Release Date
5 Oct 2020

Additional Notes:
The DISA package includes three STIGs: L2s (Layer 2 Switch), RTR (Router), and NDM (Network Device Management).

__________________________________
Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.

New Cisco ACI Audit Support

Summary
A new compliance plugin and audit support will be released for Cisco Application Centric Infrastructure (ACI) on Nessus Pro and Tenable.io. Additional support for Tenable.sc will be added in a subsequent release. This will add coverage for scanning the Application Policy Infrastructure Controller (APIC) in an ACI environment.

This audit is based on recommendations from a number of sources including the Cisco ACI Configuration Guides. The audit file includes checks for a number of different configuration areas including:
- Management Access Policies
- Logging
- Password Policies
- Session Records

Tenable Benchmarks
- Tenable Cisco ACI Best Practices v1.0.0

Target Release Date
10 August 2020

New CIS Cisco IOS 16 v1.0.0 Benchmark Audit

Summary
Customers with Cisco IOS 16 can now examine their installations’ compliance with Tenable's audit files based on the CIS Cisco IOS 16 v1.0.0 benchmark.

Center for Internet Security (CIS)
- Cisco IOS 16 v1.0.0 - Level 1
- Cisco IOS 16 v1.0.0 - Level 2
Includes Scored and Not Scored items

Target Release Date
17 June 2020

Additional Notes
This audit/benchmark has additional new checks for IOS 16, such as HTTP authentication and concurrent session control, login blocking, and more.
This audit has been awarded CIS Certification for its compliance with the benchmark. This and other Tenable certification awards are available at https://www.cisecurity.org/partner/tenable/.

New Cisco FirePower Threat Defense Support

Summary
A new compliance plugin and audit support will be released for Cisco FirePower Threat Defense on Nessus Pro, Tenable.io and Tenable.sc. This new plugin and audit add coverage beyond the existing Cisco FirePower Management Center audit and allow for additional testing of the configuration within the Threat Defense module directly.

Added Tenable Audits
- Tenable Cisco Firepower Threat Defense Best Practices Audit 1.0.0

Target Release Date
26 Nov 2019

Additional Notes:
The Threat Defense support is applicable to both physical and virtual instances.