Detections
Analytics
F5BI-LT-000007 - The BIG-IP Core implementation must be configured to restrict or block harmful or suspicious communications traffic by controlling the flow of information between interconnected networks based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic.
Information
Information flow control regulates where information is allowed to travel within a network and between interconnected networks. Blocking or restricting detected harmful or suspicious communications between interconnected networks enforces approved authorizations for controlling the flow of traffic.This requirement applies the Application Layer Gateway (ALG) when used as a gateway or boundary device that allows traffic flow between interconnected networks of differing security policies.
The ALG is installed and configured in such a way that it restricts or blocks information flows based on guidance in the Ports, Protocols, and Services Management (PPSM) regarding restrictions for boundary crossing for ports, protocols and services. Information flow restrictions may be implemented based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic.
The ALG must be configured with policy filters (e.g., security policy, rules, and/or signatures) that restrict or block information system services; provide a packet-filtering capability based on header information; and/or perform message filtering based on message content. The policy filters used depend upon the type of application gateway (e.g., web, email, or TLS).
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
If user packet-filtering intermediary services are provided, configure the BIG-IP Core as follows:Configure a policy in the BIG-IP AFM module to restrict or block harmful or suspicious communications traffic by controlling the flow of information between interconnected networks based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic.
Apply the AFM policy to the applicable Virtual Server(s) in the BIG-IP LTM module to restrict or block harmful or suspicious communications traffic by controlling the flow of information between interconnected networks.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_F5_BIG-IP_Y24M01_STIG.zip
Item Details
Audit Name: DISA F5 BIG-IP Local Traffic Manager STIG v2r3
Category: ACCESS CONTROL
References: 800-53|AC-4, CAT|I, CCI|CCI-001414, Rule-ID|SV-215740r557356_rule, STIG-ID|F5BI-LT-000007, STIG-Legacy|SV-74691, STIG-Legacy|V-60261, Vuln-ID|V-215740
Plugin: F5
Control ID: c6dee777080c35fec79439e17de9565bf109cb526b3d237a8c7b47e8554c5897