STIGQter: STIG Summary: F5 BIG-IP Local Traffic Manager 11.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The BIG-IP Core implementation must be able to conform to FICAM-issued profiles when providing authentication to virtual servers.

DISA Rule

SV-215788r557356_rule

Vulnerability Number

V-215788

Group Title

SRG-NET-000349-ALG-000106

Rule Version

F5BI-LT-000211

Severity

CAT II

CCI(s)

• CCI-002014 - The information system conforms to FICAM-issued profiles.

Weight

10

Fix Recommendation

If user authentication intermediary services are provided, configure BIG-IP Core as follows:

Configure a policy in the BIG-IP APM module to conform to FICAM-issued profiles when providing authentication.

Apply APM policy to the applicable Virtual Server(s) in the BIG-IP LTM module to conform to FICAM-issued profiles when providing authentication to virtual servers.

Check Contents

If the BIG-IP Core does not provide user authentication intermediary services for virtual servers, this is not applicable.

When user authentication intermediary services are provided, verify the BIG-IP Core is configured as follows:

Verify Virtual Server(s) in the BIG-IP LTM module are configured with an APM policy to conform to FICAM-issued profiles when providing authentication.

Navigate to the BIG-IP System manager >> Local Traffic >> Virtual Servers >> Virtual Servers List tab.

Select Virtual Servers(s) from the list to verify.

Verify under "Access Policy" section that "Access Policy" has been set to conform to FICAM-issued profiles when providing authentication to pools/nodes.

If the BIG-IP Core is not configured to conform to FICAM-issued profiles, this is a finding.

Vulnerability Number

V-215788

Documentable

False

Rule Version

F5BI-LT-000211

Severity Override Guidance

If the BIG-IP Core does not provide user authentication intermediary services for virtual servers, this is not applicable.

When user authentication intermediary services are provided, verify the BIG-IP Core is configured as follows:

Verify Virtual Server(s) in the BIG-IP LTM module are configured with an APM policy to conform to FICAM-issued profiles when providing authentication.

Navigate to the BIG-IP System manager >> Local Traffic >> Virtual Servers >> Virtual Servers List tab.

Select Virtual Servers(s) from the list to verify.

Verify under "Access Policy" section that "Access Policy" has been set to conform to FICAM-issued profiles when providing authentication to pools/nodes.

If the BIG-IP Core is not configured to conform to FICAM-issued profiles, this is a finding.

Check Content Reference

M

Target Key

4019

Comments