1.1.1 Ensure default password of root is not allowed | IDENTIFICATION AND AUTHENTICATION |
1.1.2 Ensure default password of admin is not used | IDENTIFICATION AND AUTHENTICATION |
1.1.3 Configure Secure Password Policy | IDENTIFICATION AND AUTHENTICATION |
2.5 Ensure External Users' has access to needed Partitions only | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.6 Ensure External Users' Terminal Access is Disabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
3.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for Configuration utility sessions | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
3.2 Ensure access to Configuration utility by clients using TLS version 1.2 or later | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
3.3 Ensure access to Configuration utility is restricted to needed IP addresses only | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
4.1 Ensure Prelogin 'Login Banner' is set | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
4.2 Ensure 'Idle timeout' is less than or equal to 10 minutes for SSH connections | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
4.3 Ensure 'Idle timeout' is less than or equal to 10 minutes for tmsh sessions | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
4.4 Ensure 'Idle timeout' is less than or equal to 10 minutes for serial console sessions | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
4.5 Ensure minimum SSH Encryption algorithm is set to aes128-cbc | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
4.6 Ensure to set SSH MAC algorithm to hmac-sha2-256 | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
4.7 Ensure to set Strong SSH KEY Exchange algorithm | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
4.8 Ensure access SSH to CLI interface is restricted to needed IP addresses only | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
5.1 Ensure redundant NTP servers are configured appropriately | AUDIT AND ACCOUNTABILITY |
5.2 Ensure to exclude inode information from ETags HTTP Header | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
5.3 Ensure port lockdown for self IP is set | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
5.4 Ensure to disable unused services in BIG-IP configuration | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
6.1 Ensure that SNMP access is allowed to trusted agents IPs only | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
6.2 Ensure minimum SNMP version is set to V3 for agent access | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
6.3 Ensure to lockdown access logs to "Administrator, Resource Administrator and Auditor" roles only | AUDIT AND ACCOUNTABILITY |
6.4 Ensure that audit logging for "MCP, tmsh and GUI" is set to enabled | AUDIT AND ACCOUNTABILITY |
6.5 Ensure that Remote Syslog Servers are configured | AUDIT AND ACCOUNTABILITY |