STIGQter: STIG Summary: F5 BIG-IP Device Management 11.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The BIG-IP appliance must be configured to enforce the assigned privilege level for each administrator and authorizations for access to all commands relative to the privilege level in accordance with applicable policy for the device.

DISA Rule

SV-217387r557520_rule

Vulnerability Number

V-217387

Group Title

SRG-APP-000033-NDM-000212

Rule Version

F5BI-DM-000027

Severity

CAT I

CCI(s)

• CCI-000213 - The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Weight

10

Fix Recommendation

Configure the BIG-IP appliance to enforce the assigned privilege level for each administrator and authorizations for access to all commands relative to the privilege level in accordance with applicable policy for the device.

Check Contents

Verify the BIG-IP appliance is configured to enforce the assigned privilege level for each administrator and authorizations for access to all commands relative to the privilege level in accordance with applicable policy for the device.

Verify the BIG-IP appliance is configured to utilize a properly configured authentication server.

Navigate to the BIG-IP System manager >> System >> Users >> Authentication.

Verify "Authentication: User Directory" is configured to use an approved remote authentication server that enforces the assigned privilege level for each administrator and authorizations for access to all commands relative to the privilege level.

If the BIG-IP appliance is not configured to enforce the assigned privilege level for each administrator and authorizations for access to all commands relative to the privilege level, this is a finding.

Vulnerability Number

V-217387

Documentable

False

Rule Version

F5BI-DM-000027

Severity Override Guidance

Verify the BIG-IP appliance is configured to enforce the assigned privilege level for each administrator and authorizations for access to all commands relative to the privilege level in accordance with applicable policy for the device.

Verify the BIG-IP appliance is configured to utilize a properly configured authentication server.

Navigate to the BIG-IP System manager >> System >> Users >> Authentication.

Verify "Authentication: User Directory" is configured to use an approved remote authentication server that enforces the assigned privilege level for each administrator and authorizations for access to all commands relative to the privilege level.

If the BIG-IP appliance is not configured to enforce the assigned privilege level for each administrator and authorizations for access to all commands relative to the privilege level, this is a finding.

Check Content Reference

M

Target Key

4036

Comments