STIGQter: STIG Summary: F5 BIG-IP Local Traffic Manager 11.x Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 23 Oct 2020

The BIG-IP Core implementation must be configured to protect the authenticity of communications sessions.

DISA Rule

SV-215766r557356_rule

Vulnerability Number

V-215766

Group Title

SRG-NET-000230-ALG-000113

Rule Version

F5BI-LT-000097

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure BIG-IP Core to protect the authenticity of communications sessions.

Check Contents

Verify the BIG-IP Core is configured to protect the authenticity of communications sessions.

Navigate to the BIG-IP System manager >> Local Traffic >> Profiles >> SSL >> Client.

Verify a profile exists that is FIPS compliant.

Select the FIPS-compliant profile.

Select "Advanced" next to "Configuration".

Verify that "Ciphers" under the "Configuration" section is configured to use FIPS-compliant ciphers.

Verify the BIG-IP Core is configured to use the FIPS-compliant profile:

Navigate to the BIG-IP System manager >> Local Traffic >> Virtual Servers >> Virtual Servers List tab.

Select the Virtual Server(s) from the list for which the LTM module is managing the Client SSL side traffic.

Verify that, under the "Configuration" section, the FIPS-compliant profile is in the "Selected" area for "SSL Profile (Client)".

If the BIG-IP Core is not configured to protect the authenticity of communications sessions, this is a finding.
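The two verification steps above can also be run offline against exported configuration text. The following is an added example, not part of the STIG or of F5's tooling. It assumes bigip.conf-style stanzas and an auditor-supplied set of approved cipher strings; the profile names, virtual server names and the cipher string "ECDHE+AES-GCM" are constructed placeholders, not a statement of which ciphers are FIPS compliant. It also follows `defaults-from`, since a child profile that sets no `ciphers` value inherits its parent's.

```python
import re

# Constructed, condensed sample in bigip.conf style; not from a real device.
SAMPLE = '''
ltm profile client-ssl /Common/approved_ssl {
    ciphers "ECDHE+AES-GCM"
}
ltm profile client-ssl /Common/child_ssl {
    defaults-from /Common/approved_ssl
}
ltm profile client-ssl /Common/legacy_ssl {
    ciphers DEFAULT
}
ltm virtual /Common/vs_ok { profiles { /Common/child_ssl { context clientside } } }
ltm virtual /Common/vs_weak { profiles { /Common/legacy_ssl { context clientside } } }
ltm virtual /Common/vs_none { profiles { /Common/tcp { } } }
'''

def stanzas(conf, kind):
    """Yield (name, body) for each top-level 'ltm <kind> <name> { ... }' stanza."""
    for m in re.finditer(r'^ltm %s (\S+) \{' % re.escape(kind), conf, re.M):
        depth, i = 1, m.end()
        while depth and i < len(conf):  # walk to the matching close brace
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def effective_ciphers(profiles, name, seen=()):
    """Follow defaults-from until a profile sets 'ciphers'; None if unresolved."""
    body = profiles.get(name)
    if body is None or name in seen:
        return None
    m = re.search(r'^\s*ciphers\s+"?([^"\n]+)"?\s*$', body, re.M)
    if m:
        return m.group(1).strip()
    parent = re.search(r'^\s*defaults-from\s+(\S+)', body, re.M)
    return effective_ciphers(profiles, parent.group(1), seen + (name,)) if parent else None

def audit(conf, approved):
    """Map each virtual server to a finding string, or None if it passes."""
    profiles = dict(stanzas(conf, 'profile client-ssl'))
    results = {}
    for vs, body in stanzas(conf, 'virtual'):
        attached = [p for p in re.findall(r'(/\S+)\s*\{', body) if p in profiles]
        bad = [p for p in attached if effective_ciphers(profiles, p) not in approved]
        if not attached:
            results[vs] = 'no client SSL profile attached'
        else:
            results[vs] = 'unapproved ciphers: ' + ', '.join(bad) if bad else None
    return results
```

A profile whose cipher setting cannot be resolved from the supplied text (for example, its parent is defined in a file that was not exported) is reported as unapproved rather than passed, so it gets a manual check in the GUI.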

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4019

Comments