F5BI-DM-000101 - The BIG-IP appliance must be configured to ensure administrators are authenticated with an individual authenticator prior to using a group authenticator.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

To assure individual accountability and prevent unauthorized access, administrators must be individually identified and authenticated.

Individual accountability mandates that each administrator is uniquely identified. A group authenticator is a shared account or some other form of authentication that allows multiple unique individuals to access the network device using a single account.

If a device allows or provides for group authenticators, it must first individually authenticate administrators prior to implementing group authenticator functionality.

Some devices may not have the need to provide a group authenticator; this is considered a matter of device design. In those instances where the device design includes the use of a group authenticator, this requirement will apply. This requirement applies to accounts created and managed on or by the network device.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Configure the BIG-IP appliance to authenticate administrators with an individual authenticator prior to using a group authenticator.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_F5_BIG-IP_11-x_Y20M10_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2(5), CAT|II, CCI|CCI-000770, Rule-ID|SV-217397r557520_rule, STIG-ID|F5BI-DM-000101, STIG-Legacy|SV-74575, STIG-Legacy|V-60145, Vuln-ID|V-217397

Plugin: F5

Control ID: 4c7469b959012dfaad236c3b1eb8bb62fe538ab038532b0264ee19db1f84b3a2