STIGQter: STIG Summary: F5 BIG-IP Device Management 11.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The BIG-IP appliance must be configured to automatically lock the account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded.

DISA Rule

SV-229002r557520_rule

Vulnerability Number

V-229002

Group Title

SRG-APP-000516-NDM-000317

Rule Version

F5BI-DM-000185

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-002238 - The information system automatically locks the account or node for either an organization-defined time period, until the locked account or node is released by an administrator, or delays the next logon prompt according to the organization-defined delay algorithm when the maximum number of unsuccessful logon attempts is exceeded.

Weight

10

Fix Recommendation

Configure the BIG-IP appliance to use a properly configured remote authentication server to automatically lock the account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded.

Check Contents

Verify the BIG-IP appliance is configured to use a properly configured remote authentication server to automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded.

Navigate to the BIG-IP System manager >> System >> Users >> Authentication.

Verify that "User Directory" is set to an approved authentication server type that automatically locks the account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded.

If an account is not automatically locked out until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded, this is a finding.

Vulnerability Number

V-229002

Documentable

False

Rule Version

F5BI-DM-000185

Severity Override Guidance

Verify the BIG-IP appliance is configured to use a properly configured remote authentication server to automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded.

Navigate to the BIG-IP System manager >> System >> Users >> Authentication.

Verify that "User Directory" is set to an approved authentication server type that automatically locks the account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded.

If an account is not automatically locked out until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded, this is a finding.

Check Content Reference

M

Target Key

4036

Comments