CIS F5 Networks v1.0.0 L1

Audit Details

Name: CIS F5 Networks v1.0.0 L1

Updated: 4/25/2022

Authority: CIS

Plugin: F5

Revision: 1.1

Estimated Item Count: 37

File Details

Filename: CIS_F5_Networks_Benchmark_v1.0.0_L1.audit

Size: 61.4 kB

MD5: 5045bdb05822086d12118c12eaec239f
SHA256: b03cbdf288350fa70818112c9717c50d9d6338d435f0cb77b9c3536fcccd5d26

Audit Items

Description

Categories

1.1.1 Ensure default password of root is not allowed

IDENTIFICATION AND AUTHENTICATION

1.1.2 Ensure default password of admin is not used

IDENTIFICATION AND AUTHENTICATION

1.1.3 Configure Secure Password Policy - Ensure Maximum Login Failures

IDENTIFICATION AND AUTHENTICATION

1.1.3 Configure Secure Password Policy - Ensure Password Memory

IDENTIFICATION AND AUTHENTICATION

1.1.3 Configure Secure Password Policy - Expiration Warning

IDENTIFICATION AND AUTHENTICATION

1.1.3 Configure Secure Password Policy - Maximum Duration

IDENTIFICATION AND AUTHENTICATION

1.1.3 Configure Secure Password Policy - Minimum Duration

IDENTIFICATION AND AUTHENTICATION

1.1.3 Configure Secure Password Policy - Minimum Password Length

IDENTIFICATION AND AUTHENTICATION

1.1.3 Configure Secure Password Policy - Required Lowercase

IDENTIFICATION AND AUTHENTICATION

1.1.3 Configure Secure Password Policy - Required Numeric

IDENTIFICATION AND AUTHENTICATION

1.1.3 Configure Secure Password Policy - Required Special Characters

IDENTIFICATION AND AUTHENTICATION

1.1.3 Configure Secure Password Policy - Required Uppercase

IDENTIFICATION AND AUTHENTICATION

1.1.3 Configure Secure Password Policy - Secure Password Enforcement

IDENTIFICATION AND AUTHENTICATION

1.1.3 Configure Secure Password Policy - User Lockout

IDENTIFICATION AND AUTHENTICATION

2.5 Ensure External Users' has access to needed Partitions only

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

2.6 Ensure External Users' Terminal Access is Disabled

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

3.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for Configuration utility sessions

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

3.2 Ensure access to Configuration utility by clients using TLS version 1.2 or later

ACCESS CONTROL

3.3 Ensure access to Configuration utility is restricted to needed IP addresses only

ACCESS CONTROL

4.1 Ensure Prelogin 'Login Banner' is set - Enabled

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

4.1 Ensure Prelogin 'Login Banner' is set - Login Banner

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

4.2 Ensure 'Idle timeout' is less than or equal to 10 minutes for SSH connections

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

4.3 Ensure 'Idle timeout' is less than or equal to 10 minutes for tmsh sessions

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

4.4 Ensure 'Idle timeout' is less than or equal to 10 minutes for serial console sessions

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

4.5 Ensure minimum SSH Encryption algorithm is set to aes128-cbc

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

4.6 Ensure to set SSH MAC algorithm to hmac-sha2-256

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

4.7 Ensure to set Strong SSH KEY Exchange algorithm

ACCESS CONTROL

4.8 Ensure access SSH to CLI interface is restricted to needed IP addresses only

ACCESS CONTROL

5.1 Ensure redundant NTP servers are configured appropriately

AUDIT AND ACCOUNTABILITY

5.2 Ensure to exclude inode information from ETags HTTP Header

ACCESS CONTROL

5.3 Ensure port lockdown for self IP is set

SYSTEM AND COMMUNICATIONS PROTECTION

5.4 Ensure to disable unused services in BIG-IP configuration

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

6.1 Ensure that SNMP access is allowed to trusted agents IPs only

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

6.2 Ensure minimum SNMP version is set to V3 for agent access

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

6.3 Ensure to lockdown access logs to 'Administrator, Resource Administrator and Auditor' roles only

AUDIT AND ACCOUNTABILITY

6.4 Ensure that audit logging for 'MCP, tmsh and GUI' is set to enabled

AUDIT AND ACCOUNTABILITY

6.5 Ensure that Remote Syslog Servers are configured

AUDIT AND ACCOUNTABILITY