Network Device Assessments (Cisco, Extreme) in CIS-CAT Pro Assessor 4.52+


Product Name: CIS-CAT Pro Assessor v4

Product Version: 4.52+

Date: Apr 15, 2025



The new release of CIS-CAT Pro Assessor v4.52.0 includes changes to how Assessor processes certain network device targets, such as Cisco IOS (XE) platforms.

We no longer recommend remote SSH connections directly to networking endpoints. In a production environment, doing so can present a security risk and can also lead to negative business impacts, because running show tech-support while the device is under load may disrupt it.


CIS-CAT Pro Assessor v4.52+ users should instead scan against the following Benchmarks using “Network Device” as the Target System Type.


This is applicable to the following target systems & Benchmarks:

  • Cisco NX-OS, Extreme Networks (released in v4.52.0)

  • Cisco IOS XR (planned for release in v4.53.0)

  • Cisco IOS XE 16 & Cisco IOS XE 17

The “Network Device” Target System Type will now only require the configuration file export (see the “Solution” section below), not the full show tech-support file as was previously the case.

The “Cisco” Target System Type should no longer be used.

For Palo Alto devices, please continue using the available Palo Alto option within the Target System Type drop-down selection.

Cisco Device Assessments

The commands for all Cisco devices are as follows.

  • As Cisco devices typically only have one storage device attached, there is no need to specify a file path.

  • We recommend a detailed file name containing the device hostname for easier identification.
    Note that spaces should not be used in the filename or path.

  • The five commands below can be run all at once, but the blank line between the sets (or a ! instead of a blank line) is required. Replace the placeholder myfilename with your desired name for the configuration.

configure terminal
terminal length 0
show running-configuration all | redirect flash:/myfilename

configure terminal
terminal length 24

-or-

configure terminal
terminal length 0
show running-configuration all | redirect flash:/myfilename
!
configure terminal
terminal length 24

Extreme Networks Device Assessments

The command for Extreme Networks is as follows. As with Cisco devices, we recommend a detailed file name containing the device hostname for easier identification.

The filename or file path should not contain spaces. Replace the placeholder myfilename below with your desired name for the configuration.

Extreme:
disable clipaging
copy configuration flash:myfilename

For other networking device Benchmarks that are not yet available for assessment via CIS-CAT Pro Assessor:

We are actively seeking Networking Subject Matter Experts to help contribute to our line of Networking Benchmarks, including Cisco & Extreme devices.

If you are interested in helping render the world's computing systems more secure, developing and contributing to CIS Benchmark evolution & development is a great way to do so. Since our Benchmarks are community driven, being involved with the creation process is one way to help shorten the time-to-release of new Benchmarks and associated content.

Please join and start a discussion in the appropriate Benchmark Community:
https://workbench.cisecurity.org/communities/public

Or send an email to:
BenchmarkInfo@cisecurity.org

 

Keywords: Cisco Extreme Configuration Assessment Assessor 4.52.0



Copyright © 2025

Center for Internet Security®


 
