1.1.1 Ensure default password of root is not allowed | IDENTIFICATION AND AUTHENTICATION |
1.1.2 Ensure default password of admin is not used | IDENTIFICATION AND AUTHENTICATION |
1.1.3 Configure Secure Password Policy - Ensure Maximum Login Failures | IDENTIFICATION AND AUTHENTICATION |
1.1.3 Configure Secure Password Policy - Ensure Password Memory | IDENTIFICATION AND AUTHENTICATION |
1.1.3 Configure Secure Password Policy - Expiration Warning | IDENTIFICATION AND AUTHENTICATION |
1.1.3 Configure Secure Password Policy - Maximum Duration | IDENTIFICATION AND AUTHENTICATION |
1.1.3 Configure Secure Password Policy - Minimum Duration | IDENTIFICATION AND AUTHENTICATION |
1.1.3 Configure Secure Password Policy - Minimum Password Length | IDENTIFICATION AND AUTHENTICATION |
1.1.3 Configure Secure Password Policy - Required Lowercase | IDENTIFICATION AND AUTHENTICATION |
1.1.3 Configure Secure Password Policy - Required Numeric | IDENTIFICATION AND AUTHENTICATION |
1.1.3 Configure Secure Password Policy - Required Special Characters | IDENTIFICATION AND AUTHENTICATION |
1.1.3 Configure Secure Password Policy - Required Uppercase | IDENTIFICATION AND AUTHENTICATION |
1.1.3 Configure Secure Password Policy - Secure Password Enforcement | IDENTIFICATION AND AUTHENTICATION |
1.1.3 Configure Secure Password Policy - User Lockout | IDENTIFICATION AND AUTHENTICATION |
2.5 Ensure External Users' has access to needed Partitions only | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.6 Ensure External Users' Terminal Access is Disabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
3.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for Configuration utility sessions | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
3.2 Ensure access to Configuration utility by clients using TLS version 1.2 or later | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
3.3 Ensure access to Configuration utility is restricted to needed IP addresses only | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
4.1 Ensure Prelogin 'Login Banner' is set - Enabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
4.1 Ensure Prelogin 'Login Banner' is set - Login Banner | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
4.2 Ensure 'Idle timeout' is less than or equal to 10 minutes for SSH connections | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
4.3 Ensure 'Idle timeout' is less than or equal to 10 minutes for tmsh sessions | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
4.4 Ensure 'Idle timeout' is less than or equal to 10 minutes for serial console sessions | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
4.5 Ensure minimum SSH Encryption algorithm is set to aes128-cbc | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
4.6 Ensure to set SSH MAC algorithm to hmac-sha2-256 | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
4.7 Ensure to set Strong SSH KEY Exchange algorithm | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
4.8 Ensure access SSH to CLI interface is restricted to needed IP addresses only | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
5.1 Ensure redundant NTP servers are configured appropriately | AUDIT AND ACCOUNTABILITY |
5.2 Ensure to exclude inode information from ETags HTTP Header | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
5.3 Ensure port lockdown for self IP is set | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
5.4 Ensure to disable unused services in BIG-IP configuration | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
6.1 Ensure that SNMP access is allowed to trusted agents IPs only | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
6.2 Ensure minimum SNMP version is set to V3 for agent access | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
6.3 Ensure to lockdown access logs to 'Administrator, Resource Administrator and Auditor' roles only | AUDIT AND ACCOUNTABILITY |
6.4 Ensure that audit logging for 'MCP, tmsh and GUI' is set to enabled | AUDIT AND ACCOUNTABILITY |
6.5 Ensure that Remote Syslog Servers are configured | AUDIT AND ACCOUNTABILITY |