Sep 9, 2025 Functional Update- 2.5 Ensure External Users' has access to needed Partitions only
- 2.6 Ensure External Users' Terminal Access is Disabled
- 3.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for Configuration utility sessions
- 3.2 Ensure access to Configuration utility by clients using TLS version 1.2 or later
- 4.2 Ensure 'Idle timeout' is less than or equal to 10 minutes for SSH connections
- 4.3 Ensure 'Idle timeout' is less than or equal to 10 minutes for tmsh sessions
- 4.4 Ensure 'Idle timeout' is less than or equal to 10 minutes for serial console sessions
- 4.5 Ensure minimum SSH Encryption algorithm is set to aes128-cbc
- 4.6 Ensure to set SSH MAC algorithm to hmac-sha2-256
- 4.7 Ensure to set Strong SSH KEY Exchange algorithm
- 4.8 Ensure access SSH to CLI interface is restricted to needed IP addresses only
- 5.1 Ensure redundant NTP servers are configured appropriately
- 5.2 Ensure to exclude inode information from ETags HTTP Header
- 5.3 Ensure port lockdown for self IP is set
- 5.4 Ensure to disable unused services in BIG-IP configuration
- 6.1 Ensure that SNMP access is allowed to trusted agents IPs only
- 6.5 Ensure that Remote Syslog Servers are configured
Informational Update- 1.1.1 Ensure default password of root is not allowed
- 1.1.2 Ensure default password of admin is not used
- 2.5 Ensure External Users' has access to needed Partitions only
- 2.6 Ensure External Users' Terminal Access is Disabled
- 3.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for Configuration utility sessions
- 3.2 Ensure access to Configuration utility by clients using TLS version 1.2 or later
- 4.2 Ensure 'Idle timeout' is less than or equal to 10 minutes for SSH connections
- 4.3 Ensure 'Idle timeout' is less than or equal to 10 minutes for tmsh sessions
- 4.4 Ensure 'Idle timeout' is less than or equal to 10 minutes for serial console sessions
- 4.5 Ensure minimum SSH Encryption algorithm is set to aes128-cbc
- 4.6 Ensure to set SSH MAC algorithm to hmac-sha2-256
- 4.7 Ensure to set Strong SSH KEY Exchange algorithm
- 4.8 Ensure access SSH to CLI interface is restricted to needed IP addresses only
- 5.1 Ensure redundant NTP servers are configured appropriately
- 5.2 Ensure to exclude inode information from ETags HTTP Header
- 5.3 Ensure port lockdown for self IP is set
- 5.4 Ensure to disable unused services in BIG-IP configuration
- 6.1 Ensure that SNMP access is allowed to trusted agents IPs only
- 6.2 Ensure minimum SNMP version is set to V3 for agent access
- 6.5 Ensure that Remote Syslog Servers are configured
Miscellaneous- Metadata updated.
- References updated.
- Variables updated.
Added- 1.1.3 Configure Secure Password Policy
- 3.3 Ensure access to Configuration utility is restrcited to needed IP addresses only
- 4.1 Ensure Prelogin 'Login Banner' is set
- 6.3 Ensure to lockdown access logs to \"Administrator , Resource Administrator and Auditor \" roles only
- 6.4 Ensure that audit logging for \"MCP, tmsh and GUI\" is set to enabled
Removed- 1.1.3 Configure Secure Password Policy - Ensure Maximum Login Failures
- 1.1.3 Configure Secure Password Policy - EnsurePassword Memory
- 1.1.3 Configure Secure Password Policy - Expiration Warning
- 1.1.3 Configure Secure Password Policy - Maximum Duration
- 1.1.3 Configure Secure Password Policy - Minimum Duration
- 1.1.3 Configure Secure Password Policy - Minimum Password Length
- 1.1.3 Configure Secure Password Policy - Required Lowercase
- 1.1.3 Configure Secure Password Policy - Required Numeric
- 1.1.3 Configure Secure Password Policy - Required Special Characters
- 1.1.3 Configure Secure Password Policy - Required Uppercase
- 1.1.3 Configure Secure Password Policy - Secure Password Enforcement
- 1.1.3 Configure Secure Password Policy - User Lockout
- 3.3 Ensure access to Configuration utility is restricted to needed IP addresses only
- 4.1 Ensure Prelogin 'Login Banner' is set - Enabled
- 4.1 Ensure Prelogin 'Login Banner' is set - Login Banner
- 6.3 Ensure to lockdown access logs to 'Administrator , Resource Administrator and Auditor ' roles only
- 6.4 Ensure that audit logging for 'MCP, tmsh and GUI' is set to enabled
|
Jun 17, 2024 |
Mar 7, 2023 Miscellaneous- Metadata updated.
- References updated.
|
Jan 4, 2023 Miscellaneous- Metadata updated.
- Variables updated.
|
Dec 7, 2022 |
Apr 25, 2022 |
