Almost all CIS tests are automated with SmartProfiler for Fortigate CIS Assessment.
Detailed reporting includes information about each CIS Test and Step-By-Step Recommendations to fix the issues.
Other than CIS, SmartProfiler for Fortigate CIS Assessment includes other tests.
Supports assessing multiple endpoints via a template.
SmartProfiler for FortiGate CIS Assessment is an automated Risk & Compliance assessment solution designed to significantly enhance your FortiGate firewall security posture. SmartProfiler for FortiGate CIS Assessment aligns with CIS Benchmarks (Version 1.0.0) and includes additional tests developed by our Fortinet security experts to ensure comprehensive evaluation of your FortiGate devices and configurations.
Fortinet FortiOS CIS Benchmark v1.0.0
Fortinet FortiGate Firewall Security Policy Benchmark
Custom Expert-Level Tests for FortiGate OS configurations, network segmentation, policy enforcement, VPN, and threat prevention settings
The Center for Internet Security (CIS) is a nonprofit organization dedicated to identifying, developing, and promoting best-practice solutions for cybersecurity defense. CIS Benchmarks and controls are developed using a consensus-driven approach that involves input from cybersecurity professionals across government, industry, and academia.
SmartProfiler is engineered to support CIS Standards and advanced security assessments across enterprise environments, and now extends that support to Fortinet FortiGate devices—helping you maintain compliance, reduce risk, and strengthen network perimeter defenses.
SmartProfiler for FortiGate CIS requires the FortiGate IP address and an API key with the necessary read-only permissions to execute all tests.
To connect SmartProfiler to a FortiGate device, you need the FortiGate's IP address and a valid API key. The API key provides secure, token-based authentication, allowing SmartProfiler to access configuration and system data without requiring username/password credentials. Ensure that the API key has sufficient permissions to perform security assessments and retrieve necessary information from the device.
PowerShell modules are already included in the product, so installing them is not necessary before running the assessment. Before beginning the assessment, the product automatically imports PowerShell modules.
SmartProfiler is a read-only product, and no write operation is ever made to the target while it is being assessed.
SmartProfiler for FortiGate CIS Assessment is simple to use and runs in four steps.
It typically takes 1-2 hours to perform a FortiGate assessment.
SmartProfiler for Azure CIS Assessment is a read-only product.
Since SmartProfiler generates reports in Microsoft Word format, you can re-brand reports.
SmartProfiler is designed to support multiple Tenants. However, each Fortigate Tenant requires a license before the assessment can be done.
Here is the list of tests included with SmartProfiler for Fortigate CIS Assessment.
| PackCat | CISSection | CISProfile | CISWB | CodeStatus | DynamicPack |
| --- | --- | --- | --- | --- | --- |
| Network Settings | 1.1 | Level 1 | CIS v1.3.0 | Done | Ensure DNS server is configured |
| Network Settings | 1.2 | Level 1 | CIS v1.3.0 | Done | Ensure intra-zone traffic is not always allowed |
| Network Settings | 1.3 | Level 1 | CIS v1.3.0 | Done | Disable all management related services on WAN port |
| System Settings-General Settings | 2.1.1 | Level 1 | CIS v1.3.0 | Done | Ensure Pre-Login Banner is set |
| System Settings-General Settings | 2.1.2 | Level 1 | CIS v1.3.0 | Done | Ensure Post-Login-Banner is set |
| System Settings-General Settings | 2.1.3 | Level 1 | CIS v1.3.0 | Done | Ensure timezone is properly configured |
| System Settings-General Settings | 2.1.4 | Level 1 | CIS v1.3.0 | Done | Ensure correct system time is configured through NTP |
| System Settings-General Settings | 2.1.5 | Level 1 | CIS v1.3.0 | Done | Ensure hostname is set |
| System Settings-General Settings | 2.1.6 | Level 2 | CIS v1.3.0 | Done | Ensure the latest firmware is installed |
| System Settings-General Settings | 2.1.7 | Level 2 | CIS v1.3.0 | Done | Disable USB Firmware and configuration installation |
| System Settings-General Settings | 2.1.8 | Level 2 | CIS v1.3.0 | Done | Disable static keys for TLS |
| System Settings-General Settings | 2.1.9 | Level 2 | CIS v1.3.0 | Done | Enable Global Strong Encryption |
| System Settings-General Settings | 2.1.10 | Level 1 | CIS v1.3.0 | Done | Ensure management GUI listens on secure TLS version |
| System Settings-General Settings | 2.1.11 | Level 2 | CIS v1.3.0 | Done | Ensure CDN is enabled for improved GUI performance |
| System Settings-General Settings | 2.1.12 | Level 1 | CIS v1.3.0 | Done | Ensure single CPU core overloaded event is logged |
| Password Policy | 2.2.1 | Level 1 | CIS v1.3.0 | Done | Ensure Password Policy is enabled |
| Password Policy | 2.2.2 | Level 1 | CIS v1.3.0 | Done | Ensure administrator password retries and lockout time are configured |
| SNMP | 2.3.1 | Level 2 | CIS v1.3.0 | Done | Ensure only SNMPv3 is enabled |
| SNMP | 2.3.2 | Level 2 | CIS v1.3.0 | Done | Allow only trusted hosts in SNMPv3 |
| Administrators and Admin Profiles | 2.4.1 | Level 1 | CIS v1.3.0 | Done | Ensure default admin password is changed |
| Administrators and Admin Profiles | 2.4.2 | Level 1 | CIS v1.3.0 | NONE | NONE-No Match |
| Administrators and Admin Profiles | 2.4.3 | Level 1 | CIS v1.3.0 | Done | Ensure admin accounts with different privileges have their correct profiles assigned |
| Administrators and Admin Profiles | 2.4.4 | Level 1 | CIS v1.3.0 | Done | Ensure idle timeout time is configured |
| Administrators and Admin Profiles | 2.4.5 | Level 1 | CIS v1.3.0 | Done | Ensure only encrypted access channels are enabled |
| Administrators and Admin Profiles | 2.4.6 | Level 1 | CIS v1.3.0 | Done | Apply Local-in Policies |
| Administrators and Admin Profiles | 2.4.7 | Level 1 | CIS v1.3.0 | Done | Ensure default admin ports are changed |
| Administrators and Admin Profiles | 2.4.8 | Level 1 | CIS v1.3.0 | Done | Virtual patching on the local-in management interface |
| High Availability | 2.5.1 | Level 2 | CIS v1.3.0 | Done | Ensure High Availability configuration is enabled |
| High Availability | 2.5.2 | Level 1 | CIS v1.3.0 | Done | Ensure Monitor Interfaces for High Availability devices is enabled |
| High Availability | 2.5.3 | Level 1 | CIS v1.3.0 | Done | Ensure HA Reserved Management Interface is configured |
| Policy and Objects | 3.1 | Level 2 | CIS v1.3.0 | Done | Ensure that unused policies are reviewed regularly |
| Policy and Objects | 3.2 | Level 1 | CIS v1.3.0 | Done | Ensure that policies do not use ALL as service |
| Policy and Objects | 3.3 | Level 1 | CIS v1.3.0 | Done | Ensure firewall policy denying all traffic to-from Tor malicious servers or scanner IP addresses using ISDB |
| Policy and Objects | 3.4 | Level 1 | CIS v1.3.0 | Done | Ensure logging is enabled on all firewall policies |
| Intrusion Prevention System (IPS) | 4.1.1 | Level 2 | CIS v1.3.0 | Done | Detect Botnet connections |
| Intrusion Prevention System (IPS) | 4.1.2 | Level 1 | CIS v1.3.0 | Done | Apply IPS Security Profile to policies |
| Antivirus | 4.2.1 | Level 2 | CIS v1.3.0 | Done | Ensure Antivirus Definition Push Updates are configured |
| Antivirus | 4.2.2 | Level 2 | CIS v1.3.0 | Done | Apply Antivirus Security Profile to policies |
| Antivirus | 4.2.3 | Level 2 | CIS v1.3.0 | Done | Enable Outbreak Prevention Database |
| Antivirus | 4.2.4 | Level 2 | CIS v1.3.0 | Done | Enable AI-heuristic based malware detection |
| Antivirus | 4.2.5 | Level 2 | CIS v1.3.0 | Done | Enable grayware detection on antivirus |
| Antivirus | 4.2.6 | Level 1 | CIS v1.3.0 | Done | Ensure inline scanning with FortiGuard AI-Based Sandbox Service is enabled |
| DNS Filter | 4.3.1 | Level 2 | CIS v1.3.0 | Done | Enable Botnet CnC Domain Blocking DNS Filter |
| DNS Filter | 4.3.2 | Level 1 | CIS v1.3.0 | Done | Ensure DNS Filter logs all DNS queries and responses |
| DNS Filter | 4.3.3 | Level 1 | CIS v1.3.0 | Done | Apply DNS Filter Security Profile to policies |
| Application Control | 4.4.1 | Level 1 | CIS v1.3.0 | Done | Block high-risk categories on Application Control |
| Application Control | 4.4.2 | Level 2 | CIS v1.3.0 | Done | Block applications running on non-default ports |
| Application Control | 4.4.3 | Level 1 | CIS v1.3.0 | Done | Ensure all Application Control related traffic is logged |
| Application Control | 4.4.4 | Level 1 | CIS v1.3.0 | Done | Apply Application Control Security Profile to policies |
| Security Fabric | 5.1.1 | Level 1 | CIS v1.3.0 | Done | Enable Compromised Host Quarantine |
| Configure Root FortiGate for Security Fabric | 5.2.1.1 | Level 2 | CIS v1.3.0 | Done | Ensure Security Fabric is configured |
| VPN | 6.1.1 | Level 2 | CIS v1.3.0 | Done | Apply a trusted signed certificate for VPN portal |
| VPN | 6.1.2 | Level 2 | CIS v1.3.0 | Done | Enable limited TLS versions for SSL VPN |
| Enable Logging | 7.1.1 | Level 2 | CIS v1.3.0 | Done | Enable event logging |
| Enable Logging | 7.2.1 | Level 1 | CIS v1.3.0 | Done | Encrypt log transmission to FortiAnalyzer-FortiManager |
| Centralized Logging and Reporting | 7.3.1 | Level 2 | CIS v1.3.0 | Done | Centralized logging and reporting |
Instead of manually gathering data, which could take a significant amount of time, SmartProfiler for Azure CIS Assessment has automated all the tests to ensure that the assessment is completed in a matter of hours.
If you’re really looking for an Active Directory security assessment tool, download SmartProfiler and perform an assessment. This will assist you in identifying security, health, and configuration problems.
The health and misconfiguration assessment feature of SmartProfiler can be very useful in demonstrating that your environment does not use Microsoft’s suggested settings.
The best feature of SmartProfiler is that it can perform the assessment without a Global Admin account and without needing the registration of an Azure AD application. Because it only required a Global Reader Account, we were able to use the tool effectively for our clients and clients could allow us to conduct the assessment!
SmartProfiler's advanced assessment parameters really give you insights about your Active Directory environment and make sure every risk is mitigated.
Copyright © DynamicPacks Technologies