We've got a security audit coming up and we wanted to make sure the IOS versions we're running haven't been flagged for vulnerabilities. Is there anywhere on the Cisco web site that notices like that would show up? Or is there some way of determining that our IOS has been "certified" as acceptable? For example, does an organization like CERT or NSA do anything like that?
The alternative, it seems, is just to scour the Cisco web site and see if specific vulnerailities and/or bugs have been announced, but I'm wondering if there's a faster, cleaner way of determining if your IOS is a good one.