| 1.1.1 Apply the latest OS patches | |
| 1.1.2 Install and configure HP-UX Secure Shell '/opt/ssh/etc/sshd_config' | CONFIGURATION MANAGEMENT |
| 1.1.2 Install and configure HP-UX Secure Shell 'Banner=/etc/issue' | ACCESS CONTROL |
| 1.1.2 Install and configure HP-UX Secure Shell 'IgnoreRhosts=yes' | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 1.1.2 Install and configure HP-UX Secure Shell 'PermitEmptyPasswords=no' | IDENTIFICATION AND AUTHENTICATION |
| 1.1.2 Install and configure HP-UX Secure Shell 'PermitRootLogin=no' | ACCESS CONTROL |
| 1.1.2 Install and configure HP-UX Secure Shell 'Protocol=2' | CONFIGURATION MANAGEMENT |
| 1.1.2 Install and configure HP-UX Secure Shell 'RhostsAuthentication=no' | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 1.1.2 Install and configure HP-UX Secure Shell 'RhostsRSAAuthentication=no' | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.2 Install and configure HP-UX Secure Shell 'X11Forwarding=yes' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.1.3 Use Bastille to report security configuration state | |
| 1.2.1 Disable Standard Services '/etc/inetd.conf' | CONFIGURATION MANAGEMENT |
| 1.2.1 Disable Standard Services 'auth' | CONFIGURATION MANAGEMENT |
| 1.2.1 Disable Standard Services 'bootps' | CONFIGURATION MANAGEMENT |
| 1.2.1 Disable Standard Services 'chargen' | CONFIGURATION MANAGEMENT |
| 1.2.1 Disable Standard Services 'daytime' | CONFIGURATION MANAGEMENT |
| 1.2.1 Disable Standard Services 'discard' | CONFIGURATION MANAGEMENT |
| 1.2.1 Disable Standard Services 'dtspc' | CONFIGURATION MANAGEMENT |
| 1.2.1 Disable Standard Services 'echo' | CONFIGURATION MANAGEMENT |
| 1.2.1 Disable Standard Services 'exec' | CONFIGURATION MANAGEMENT |
| 1.2.1 Disable Standard Services 'finger' | CONFIGURATION MANAGEMENT |
| 1.2.1 Disable Standard Services 'ident' | CONFIGURATION MANAGEMENT |
| 1.2.1 Disable Standard Services 'instl_boots' | CONFIGURATION MANAGEMENT |
| 1.2.1 Disable Standard Services 'kcms_server' | CONFIGURATION MANAGEMENT |
| 1.2.1 Disable Standard Services 'klogin' | CONFIGURATION MANAGEMENT |
| 1.2.1 Disable Standard Services 'kshell' | CONFIGURATION MANAGEMENT |
| 1.2.1 Disable Standard Services 'login' | CONFIGURATION MANAGEMENT |
| 1.2.1 Disable Standard Services 'ntalk' | CONFIGURATION MANAGEMENT |
| 1.2.1 Disable Standard Services 'printer' | CONFIGURATION MANAGEMENT |
| 1.2.1 Disable Standard Services 'recserv' | CONFIGURATION MANAGEMENT |
| 1.2.1 Disable Standard Services 'registrar' | CONFIGURATION MANAGEMENT |
| 1.2.1 Disable Standard Services 'rpc.cmsd' | CONFIGURATION MANAGEMENT |
| 1.2.1 Disable Standard Services 'rpc.rstatd' | CONFIGURATION MANAGEMENT |
| 1.2.1 Disable Standard Services 'rpc.rusersd' | CONFIGURATION MANAGEMENT |
| 1.2.1 Disable Standard Services 'rpc.rwalld' | CONFIGURATION MANAGEMENT |
| 1.2.1 Disable Standard Services 'rpc.sprayd' | CONFIGURATION MANAGEMENT |
| 1.2.1 Disable Standard Services 'shell' | CONFIGURATION MANAGEMENT |
| 1.2.1 Disable Standard Services 'tftp' | CONFIGURATION MANAGEMENT |
| 1.2.1 Disable Standard Services 'uucp' | CONFIGURATION MANAGEMENT |
| 1.2.1/1.2.2 Disable Standard Services 'telnet' | CONFIGURATION MANAGEMENT |
| 1.2.1/1.2.3 Disable FTP, if necessary | CONFIGURATION MANAGEMENT |
| 1.2.1/1.2.7 Disable rpc.rquotad | CONFIGURATION MANAGEMENT |
| 1.2.1/1.2.8 Disable rpc.ttdbserver | CONFIGURATION MANAGEMENT |
| 1.2.4 Only enable rlogin/remsh/rcp if absolutely necessary 'login' | CONFIGURATION MANAGEMENT |
| 1.2.4 Only enable rlogin/remsh/rcp if absolutely necessary 'shell' | CONFIGURATION MANAGEMENT |
| 1.2.5 Only enable TFTP if absolutely necessary | CONFIGURATION MANAGEMENT |
| 1.2.6 Only enable printer service if absolutely necessary | CONFIGURATION MANAGEMENT |
| 1.2.9 Only enable Kerberos-related daemons if absolutely necessary 'klogin' | CONFIGURATION MANAGEMENT |
| 1.2.9 Only enable Kerberos-related daemons if absolutely necessary 'kshell' | CONFIGURATION MANAGEMENT |
| 1.2.10 Only enable BOOTP/DHCP daemon if absolutely necessary | CONFIGURATION MANAGEMENT |
