Owners Manual
Standard Policies | Change Management and Compliance
OMNM 6.5.2 User Guide 515
COMPLIANCE Cisco TCP Small-Servers (11.3+)
—Disables unneeded TCP services such as echo, discard, chargen, etc.; PCI 2.2.2
COMPLIANCE Cisco UDP Small-Servers (11.2-)
—Disables unneeded UDP services such as echo, discard, chargen, etc.; PCI 2.2.2
COMPLIANCE Cisco UDP Small-Servers (11.3+)
—Disables unneeded UDP services such as echo, discard, chargen, etc.; PCI 2.2.2
COMPLIANCE Cisco VTY Exec Timeout
—Set Exec Timeout on VTY ports; PCI 8.5.15
COMPLIANCE Cisco VTY Access Class Inbound
—Set inbound access class on VTY ports; PCI 2.2.3
COMPLIANCE Cisco VTY Login
—Enable Login on VTY ports; PCI 2.2.3
COMPLIANCE Cisco VTY Transport Input Limit
—Limit Input Transport on VTY ports; PCI 2.3
COMPLIANCE Cisco Set Login on Console Port
—Enable login on console port; PCI 2.2.3
COMPLIANCE Cisco AAA Login
—AAA login should be enabled; PCI 8.3
COMPLIANCE Cisco BOOTP Server
—The BOOTP server should be disabled; PCI 2.2.2
COMPLIANCE Cisco CDP Service
—Disable CDP (Cisco Discovery Protocol) globally
COMPLIANCE Cisco Console Exec Timeout
—Set an exec timeout on the console port; PCI 8.5.15
Cisco tacacs+ enabled
Cisco monitor logging Enabled
Cisco console logging Enabled
Cisco buffered logging Enabled
Cisco SNMP Community String NOT public
Cisco SNMP Community String NOT private
Cisco RADIUS Enabled
Cisco Interfaces MUST have Description
Cisco Banner Enabled
Cisco ACL RFC 1918 space
Cisco ACL Permit Transit Traffic
Cisco ACL Permit RIP
Cisco ACL Permit OSPF
Cisco ACL Permit IGRP
Cisco ACL Permit EIGRP
Cisco ACL Permit BGP
Cisco ACL Deny access to internal infrastructure
Cisco ACL BGP AS Source
Cisco ACL Anti Spoofing
Cisco ACL - Deny special use address source
Cisco 'session-timeout' Enabled - ALL LINES
Cisco 'exec-timeout' Enabled - ALL LINES