Overview of BIG-IP administrative access controls

Information

The BIG-IP system provides a number of access control mechanisms to maintain secure access to the device, to ensure interoperability in a variety of environments with established requirements, and to assist in meeting industry standards, such as PCI compliance. These include a hierarchy of user accounts and access privileges, password enforcement options, and support for various authentication technologies.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

The BIG-IP system supports both local and remote authentication schemas. You can configure only one user authentication scheme for the system. A BIG-IP administrator can use the Configuration utility, the TMOS Shell (tmsh) (11.x and later), or the bigpipe utility (9.x through 10.x) to create and delete BIG-IP user accounts, change passwords, and enforce a global password policy, which includes password strength, password aging, password re-use, allowed number of login failures, and other security settings. By contrast, when you use remote user accounts, the creation, management, and password policies for the system user accounts are maintained through a remote authentication server.

See Also

https://support.f5.com/csp/article/K53108777#link_01

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT

References: 800-53|AC-3(7), 800-53|CM-6b., CAT|II, CCI|CCI-000366, CCI|CCI-002169, Rule-ID|SV-74623r1_rule, STIG-ID|F5BI-DM-000179, Vuln-ID|V-60193

Plugin: F5

Control ID: 5d428b0dd4f820e19c58afb502f276c94fcce286597ea74ab486cd001200db5d