STIGQter: STIG Summary: F5 BIG-IP Application Security Manager 11.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 29 May 2015:

The BIG-IP ASM module must check the validity of all data inputs except those specifically identified by the organization.

DISA Rule

SV-74495r1_rule

Vulnerability Number

V-60065

Group Title

SRG-NET-000401-ALG-000127

Rule Version

F5BI-AS-000261

Severity

CAT II

CCI(s)

CCI-001310 - The information system checks the validity of organization-defined inputs.

Weight

Fix Recommendation

If the BIG-IP ASM module is used to support content filtering as part of the traffic management functionality of the BIG-IP Core, configure the BIG-IP ASM module to check the validity of all data inputs except those specifically identified by the organization.

Check Contents

If the BIG-IP ASM module is not used to support content filtering as part of the traffic management functions of the BIG-IP Core, this is not applicable.

Verify the BIG-IP ASM module is configured to check the validity of all data inputs except those specifically identified by the organization.

Navigate to the BIG-IP System manager >> Application Security >> Parameters >> Parameters List.

Select the policy for "Current Edited Policy" used for checking data inputs.

Review the parameters under the "Parameters List" section.

Verify parameters are configured to check the validity of all data inputs except those specifically identified by the organization.

If the BIG-IP ASM module is not configured to check the validity of all data inputs except those specifically identified by the organization, this is a finding.

The BIG-IP ASM module must check the validity of all data inputs except those specifically identified by the organization.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments