Detections
Analytics

DISA F5 BIG-IP Access Policy Manager 11.x STIG V1R1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA F5 BIG-IP Access Policy Manager 11.x STIG V1R1

Updated: 6/2/2021

Authority: DISA STIG

Plugin: F5

Revision: 1.9

Estimated Item Count: 24

Audit Changelog

 
Revision 1.9

Jun 2, 2021

Miscellaneous
  • Audit deprecated.
  • Metadata updated.
  • References updated.
Revision 1.8

Apr 28, 2021

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.7

Sep 29, 2020

Miscellaneous
  • References updated.
Revision 1.6

Apr 15, 2020

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.5

Dec 19, 2019

Informational Update
  • F5BI-AP-000003 - The BIG-IP APM must enforce approved authorizations for logical access to information and system resources.
  • F5BI-AP-000023 - The BIG-IP APM must display the Mandatory DoD-approved Notice and Consent Banner before granting access to virtual servers.
  • F5BI-AP-000025 - The BIG-IP APM must retain the Mandatory DoD-approved Notice and Consent Banner on the screen until users acknowledge.
  • F5BI-AP-000027 - The BIG-IP APM must display the Mandatory DoD-approved Notice and Consent Banner before granting access.
  • F5BI-AP-000073 - The BIG-IP APM must uniquely identify and authenticate organizational users when connecting to virtual servers.
  • F5BI-AP-000075 - The BIG-IP APM must be configured with a pre-established trust relationship and mechanisms with appropriate authorities.
  • F5BI-AP-000077 - The BIG-IP APM must restrict user auth traffic to specific auth server(s) when providing user auth to virtual servers.
  • F5BI-AP-000079 - The BIG-IP APM module must use multifactor authentication for network access to non-privileged accounts.
  • F5BI-AP-000085 - The BIG-IP APM must map the authenticated identity to the user account for PKI-based authentication to virtual servers.
  • F5BI-AP-000087 - The BIG-IP APM must be configured to uniquely identify and authenticate non-organizational users.
  • F5BI-AP-000147 - The BIG-IP APM access policy profile must be configured to automatically terminate user sessions.
  • F5BI-AP-000151 - The BIG-IP APM access policy profile must be configured to display an explicit logoff message to users.
  • F5BI-AP-000153 - The BIG-IP APM module access policy profile must control remote access methods to virtual servers.
  • F5BI-AP-000191 - The BIG-IP APM must require users to re-authenticate when circumstances or situations require re-authentication.
  • F5BI-AP-000193 - The BIG-IP APM must be configured to require multifactor authentication for remote access with non-privileged accounts.
  • F5BI-AP-000195 - The BIG-IP APM must be configured to require multifactor authentication for remote access with privileged accounts.
  • F5BI-AP-000197 - The BIG-IP APM must accept PIV credentials when providing user authentication to virtual servers.
  • F5BI-AP-000199 - The BIG-IP APM must electronically verify PIV credentials when providing user authentication to virtual servers.
  • F5BI-AP-000205 - The BIG-IP APM module must accept Personal Identity Verification (PIV) credentials from other federal agencies.
  • F5BI-AP-000207 - The BIG-IP APM must electronically verify Personal Identity Verification (PIV) credentials from other federal agencies.
  • F5BI-AP-000209 - The BIG-IP APM module must accept FICAM-approved third-party credentials.
  • F5BI-AP-000211 - The BIG-IP APM module must conform to FICAM-issued profiles.
  • F5BI-AP-000229 - The BIG-IP APM must be configured to handle invalid inputs in a predictable and documented manner.
Miscellaneous
  • Platform check updated.
Added
  • DISA_F5_BIG-IP_APM_11_V1R1.audit from DISA F5 BIG-IP Access Policy Manager 11.x STIG
Revision 1.4

Jan 29, 2019

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.3

Dec 12, 2018

Informational Update
  • F5BI-AP-000003 - The BIG-IP APM must enforce approved authorizations for logical access to information and system resources.
  • F5BI-AP-000023 - The BIG-IP APM must display the Mandatory DoD-approved Notice and Consent Banner before granting access to virtual servers.
  • F5BI-AP-000025 - The BIG-IP APM must retain the Mandatory DoD-approved Notice and Consent Banner on the screen until users acknowledge.
  • F5BI-AP-000027 - The BIG-IP APM must display the Mandatory DoD-approved Notice and Consent Banner before granting access.
  • F5BI-AP-000073 - The BIG-IP APM must uniquely identify and authenticate organizational users when connecting to virtual servers.
  • F5BI-AP-000075 - The BIG-IP APM must be configured with a pre-established trust relationship and mechanisms with appropriate authorities.
  • F5BI-AP-000077 - The BIG-IP APM must restrict user auth traffic to specific auth server(s) when providing user auth to virtual servers.
  • F5BI-AP-000079 - The BIG-IP APM module must use multifactor authentication for network access to non-privileged accounts.
  • F5BI-AP-000085 - The BIG-IP APM must map the authenticated identity to the user account for PKI-based authentication to virtual servers.
  • F5BI-AP-000087 - The BIG-IP APM must be configured to uniquely identify and authenticate non-organizational users.
  • F5BI-AP-000147 - The BIG-IP APM access policy profile must be configured to automatically terminate user sessions.
  • F5BI-AP-000151 - The BIG-IP APM access policy profile must be configured to display an explicit logoff message to users.
  • F5BI-AP-000153 - The BIG-IP APM module access policy profile must control remote access methods to virtual servers.
  • F5BI-AP-000191 - The BIG-IP APM must require users to re-authenticate when circumstances or situations require re-authentication.
  • F5BI-AP-000193 - The BIG-IP APM must be configured to require multifactor authentication for remote access with non-privileged accounts.
  • F5BI-AP-000195 - The BIG-IP APM must be configured to require multifactor authentication for remote access with privileged accounts.
  • F5BI-AP-000197 - The BIG-IP APM must accept PIV credentials when providing user authentication to virtual servers.
  • F5BI-AP-000199 - The BIG-IP APM must electronically verify PIV credentials when providing user authentication to virtual servers.
  • F5BI-AP-000205 - The BIG-IP APM module must accept Personal Identity Verification (PIV) credentials from other federal agencies.
  • F5BI-AP-000207 - The BIG-IP APM must electronically verify Personal Identity Verification (PIV) credentials from other federal agencies.
  • F5BI-AP-000209 - The BIG-IP APM module must accept FICAM-approved third-party credentials.
  • F5BI-AP-000211 - The BIG-IP APM module must conform to FICAM-issued profiles.
  • F5BI-AP-000229 - The BIG-IP APM must be configured to handle invalid inputs in a predictable and documented manner.
Miscellaneous
  • Metadata updated.
  • References updated.