STIGQter: STIG Summary: F5 BIG-IP Local Traffic Manager 11.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020: STIGQter: STIG Summary: F5 BIG-IP Local Traffic Manager 11.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:SV-215797r557356_rule
V-215797
SRG-NET-000401-ALG-000127
F5BI-LT-000261
CAT II
10
If the BIG-IP Core performs content inspection as part of the traffic management functionality, configure the BIG-IP Core as follows:
Configure a policy in the BIG-IP ASM module to check the validity of all data inputs except those specifically identified by the organization.
Apply ASM policy to the applicable Virtual Server(s) in BIG-IP LTM module to check the validity of all data inputs except those specifically identified by the organization.
If the BIG-IP Core does not perform content inspection as part of the traffic management functionality for virtual servers, this is not applicable.
When content inspection is performed as part of the traffic management functionality, verify the BIG-IP Core is configured to check the validity of all data inputs except those specifically identified by the organization.
Verify Virtual Server(s) in the BIG-IP LTM module are configured with an ASM policy to check the validity of all data inputs except those specifically identified by the organization.
Navigate to the BIG-IP System manager >> Local Traffic >> Virtual Servers >> Virtual Servers List tab.
Select Virtual Servers(s) from the list to verify.
Navigate to the Security >> Policies tab.
Verify that "Application Security Policy" is Enabled and "Policy" is set to use an ASM policy to check the validity of all data inputs except those specifically identified by the organization.
If the BIG-IP Core is not configured to check the validity of all data inputs except those specifically identified by the organization, this is a finding.
V-215797
False
F5BI-LT-000261
If the BIG-IP Core does not perform content inspection as part of the traffic management functionality for virtual servers, this is not applicable.
When content inspection is performed as part of the traffic management functionality, verify the BIG-IP Core is configured to check the validity of all data inputs except those specifically identified by the organization.
Verify Virtual Server(s) in the BIG-IP LTM module are configured with an ASM policy to check the validity of all data inputs except those specifically identified by the organization.
Navigate to the BIG-IP System manager >> Local Traffic >> Virtual Servers >> Virtual Servers List tab.
Select Virtual Servers(s) from the list to verify.
Navigate to the Security >> Policies tab.
Verify that "Application Security Policy" is Enabled and "Policy" is set to use an ASM policy to check the validity of all data inputs except those specifically identified by the organization.
If the BIG-IP Core is not configured to check the validity of all data inputs except those specifically identified by the organization, this is a finding.
M
4019