| 6.2 Ensure the server is physically secure | CIS Sybase 15.0 L2 DB v1.1.0 | SybaseDB | |
| Configuring a pre-login or post-login message banner for the BIG-IP or Enterprise Manager system - Banner Text | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Configuring a secure password policy for the BIG-IP system - Expiration Warning | Tenable F5 BIG-IP Best Practice Audit | F5 | IDENTIFICATION AND AUTHENTICATION |
| Configuring a secure password policy for the BIG-IP system - Maximum Duration | Tenable F5 BIG-IP Best Practice Audit | F5 | IDENTIFICATION AND AUTHENTICATION |
| Configuring a secure password policy for the BIG-IP system - Maximum Login Failures | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Configuring a secure password policy for the BIG-IP system - Minimum Duration | Tenable F5 BIG-IP Best Practice Audit | F5 | IDENTIFICATION AND AUTHENTICATION |
| Configuring a secure password policy for the BIG-IP system - Minimum Length | Tenable F5 BIG-IP Best Practice Audit | F5 | IDENTIFICATION AND AUTHENTICATION |
| Configuring a secure password policy for the BIG-IP system - Password Memory | Tenable F5 BIG-IP Best Practice Audit | F5 | IDENTIFICATION AND AUTHENTICATION |
| Configuring a secure password policy for the BIG-IP system - Required Lowercase Characters | Tenable F5 BIG-IP Best Practice Audit | F5 | IDENTIFICATION AND AUTHENTICATION |
| Configuring a secure password policy for the BIG-IP system - Required Numeric Characters | Tenable F5 BIG-IP Best Practice Audit | F5 | IDENTIFICATION AND AUTHENTICATION |
| Configuring a secure password policy for the BIG-IP system - Required Uppercase Characters | Tenable F5 BIG-IP Best Practice Audit | F5 | IDENTIFICATION AND AUTHENTICATION |
| Configuring a secure password policy for the BIG-IP system - Secure Password Enforcement | Tenable F5 BIG-IP Best Practice Audit | F5 | IDENTIFICATION AND AUTHENTICATION |
| Configuring an automatic logout for idle sessions - Configuration utility | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Configuring an automatic logout for idle sessions - Console Sessions | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Configuring an automatic logout for idle sessions - TMSH | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Configuring CIDR Network Addresses for the BIG-IP packet filter - Always accept ARP | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Configuring CIDR Network Addresses for the BIG-IP packet filter - Always accept important ICMP | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Configuring CIDR Network Addresses for the BIG-IP packet filter - enabled | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Configuring CIDR Network Addresses for the BIG-IP packet filter - Filter established connections | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Configuring CIDR Network Addresses for the BIG-IP packet filter - Packet filter logging | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Configuring CIDR Network Addresses for the BIG-IP packet filter - Review Packet-Filter Rules | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Configuring CIDR Network Addresses for the BIG-IP packet filter - Send ICMP error on packet reject | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Configuring CIDR Network Addresses for the BIG-IP packet filter - Unhandled Packet Action | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Configuring cookie encryption within the HTTP profile | Tenable F5 BIG-IP Best Practice Audit | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| Configuring LDAP remote authentication for Active Directory - Scope | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Configuring LDAP remote authentication for Active Directory - Servers | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Configuring LDAP remote authentication for Active Directory - SSL | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Configuring LDAP remote authentication for Active Directory - SSL Check Peer | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Configuring LDAP remote authentication for Active Directory - SSL Client Cert | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Configuring LDAP remote authentication for Active Directory - SSL Client Key | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Configuring the BIG-IP system to enforce the use of strict passwords | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Configuring the BIG-IP system to exclude inode information from Etags | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Disabling the admin account | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Disabling the root shell login account | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| EX16-ED-000550 - Exchange must have antispam filtering configured. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| IBM HTTP Server is installed and running on the system | TNS IBM HTTP Server Best Practice | Unix | |
| Mitigating an attack using TCP profiles | Tenable F5 BIG-IP Best Practice Audit | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| Mitigating risk from SSH brute force login attacks - Monitor login attempts | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Modifying the list of ciphers and MAC and key exchange algorithms used by the SSH service on the BIG-IP system or BIG-IQ system | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Overview of Appliance mode | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Overview of BIG-IP administrative access controls | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Overview of port lockdown behavior | Tenable F5 BIG-IP Best Practice Audit | F5 | CONFIGURATION MANAGEMENT |
| Preserving or modifying HTTP response headers removed by the BIG-IP ASM system | Tenable F5 BIG-IP Best Practice Audit | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| Restricting access to the Configuration utility by source IP address | Tenable F5 BIG-IP Best Practice Audit | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| Settings to Lock Down your BIG-IP - Admin Terminal Access | Tenable F5 BIG-IP Best Practice Audit | F5 | CONFIGURATION MANAGEMENT |
| Specifying allowable IP ranges for SSH access | Tenable F5 BIG-IP Best Practice Audit | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| Tenable_Best_Practices_Citrix_ADC_v1.0.0.audit from Tenable Best Practices | Tenable Best Practice Citrix ADC v1.0.0 | Citrix_Application_Delivery | |
| Tenable_Best_Practices_Citrix_ADM_v1.0.0.audit from Tenable Best Practices | Tenable Best Practice Citrix ADM v1.0.0 | Citrix_Application_Delivery | |
| The BIG-IP Core implementation must be configured to protect against or limit the effects of known and unknown types of Denial of Service (DoS) attacks by employing pattern recognition pre-processors when providing content filtering to virtual servers. | Tenable F5 BIG-IP Best Practice Audit | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| TNS_Best_Practice_RedHat_JBoss_v7_Linux.audit from TNS Best Practice JBoss 7 Linux | TNS Best Practice JBoss 7 Linux | Unix | |
