Detections
Analytics

DISA F5 BIG-IP Access Policy Manager 11.x STIG V1R1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA F5 BIG-IP Access Policy Manager 11.x STIG V1R1

Updated: 6/2/2021

Authority: DISA STIG

Plugin: F5

Revision: 1.9

Estimated Item Count: 24

Audit Items

DescriptionCategories
DISA_F5_BIG-IP_APM_11_V1R1.audit from DISA F5 BIG-IP Access Policy Manager 11.x STIG
F5BI-AP-000003 - The BIG-IP APM must enforce approved authorizations for logical access to information and system resources.

ACCESS CONTROL

F5BI-AP-000023 - The BIG-IP APM must display the Mandatory DoD-approved Notice and Consent Banner before granting access to virtual servers.

ACCESS CONTROL

F5BI-AP-000025 - The BIG-IP APM must retain the Mandatory DoD-approved Notice and Consent Banner on the screen until users acknowledge.

ACCESS CONTROL

F5BI-AP-000027 - The BIG-IP APM must display the Mandatory DoD-approved Notice and Consent Banner before granting access.

ACCESS CONTROL

F5BI-AP-000073 - The BIG-IP APM must uniquely identify and authenticate organizational users when connecting to virtual servers.

IDENTIFICATION AND AUTHENTICATION

F5BI-AP-000075 - The BIG-IP APM must be configured with a pre-established trust relationship and mechanisms with appropriate authorities.

IDENTIFICATION AND AUTHENTICATION

F5BI-AP-000077 - The BIG-IP APM must restrict user auth traffic to specific auth server(s) when providing user auth to virtual servers.

IDENTIFICATION AND AUTHENTICATION

F5BI-AP-000079 - The BIG-IP APM module must use multifactor authentication for network access to non-privileged accounts.

IDENTIFICATION AND AUTHENTICATION

F5BI-AP-000085 - The BIG-IP APM must map the authenticated identity to the user account for PKI-based authentication to virtual servers.

IDENTIFICATION AND AUTHENTICATION

F5BI-AP-000087 - The BIG-IP APM must be configured to uniquely identify and authenticate non-organizational users.

IDENTIFICATION AND AUTHENTICATION

F5BI-AP-000147 - The BIG-IP APM access policy profile must be configured to automatically terminate user sessions.

ACCESS CONTROL

F5BI-AP-000151 - The BIG-IP APM access policy profile must be configured to display an explicit logoff message to users.

ACCESS CONTROL

F5BI-AP-000153 - The BIG-IP APM module access policy profile must control remote access methods to virtual servers.

ACCESS CONTROL

F5BI-AP-000191 - The BIG-IP APM must require users to re-authenticate when circumstances or situations require re-authentication.

IDENTIFICATION AND AUTHENTICATION

F5BI-AP-000193 - The BIG-IP APM must be configured to require multifactor authentication for remote access with non-privileged accounts.

IDENTIFICATION AND AUTHENTICATION

F5BI-AP-000195 - The BIG-IP APM must be configured to require multifactor authentication for remote access with privileged accounts.

IDENTIFICATION AND AUTHENTICATION

F5BI-AP-000197 - The BIG-IP APM must accept PIV credentials when providing user authentication to virtual servers.

IDENTIFICATION AND AUTHENTICATION

F5BI-AP-000199 - The BIG-IP APM must electronically verify PIV credentials when providing user authentication to virtual servers.

IDENTIFICATION AND AUTHENTICATION

F5BI-AP-000205 - The BIG-IP APM module must accept Personal Identity Verification (PIV) credentials from other federal agencies.

IDENTIFICATION AND AUTHENTICATION

F5BI-AP-000207 - The BIG-IP APM must electronically verify Personal Identity Verification (PIV) credentials from other federal agencies.

IDENTIFICATION AND AUTHENTICATION

F5BI-AP-000209 - The BIG-IP APM module must accept FICAM-approved third-party credentials.

IDENTIFICATION AND AUTHENTICATION

F5BI-AP-000211 - The BIG-IP APM module must conform to FICAM-issued profiles.
F5BI-AP-000229 - The BIG-IP APM must be configured to handle invalid inputs in a predictable and documented manner.