SV-215799r557356_rule
V-215799
SRG-NET-000510-ALG-000040
F5BI-LT-000293
CAT II
10
If encryption intermediary services are provided, configure the BIG-IP Core to implement NIST FIPS-validated cryptography for digital signatures.
If the BIG-IP Core does not provide encryption intermediary services (e.g., HTTPS, TLS, or DNSSEC) for virtual servers, this is not applicable.
When encryption intermediary services are provided, verify the BIG-IP Core is configured to implement NIST FIPS-validated cryptography for digital signatures.
Navigate to the BIG-IP System manager >> Local Traffic >> Profiles >> SSL >> Client.
Verify a profile exists that is FIPS-compliant.
Select a FIPS-compliant profile.
Select "Advanced" next to "Configuration".
Verify that "Ciphers" under the "Configuration" section is configured to use FIPS-compliant ciphers.
Verify applicable virtual servers are configured in the BIG-IP LTM to use a FIPS-compliant client profile:
Navigate to the BIG-IP System manager >> Local Traffic >> Virtual Servers >> Virtual Servers List tab.
Select Virtual Server(s) from the list to verify.
Verify, under the "Configuration" section, that a FIPS-compliant profile is in the "Selected" area of "SSL Profile (Client)".
If the BIG-IP Core does not implement NIST FIPS-validated cryptography for digital signatures, this is a finding.
M
4019