STIGQter: STIG Summary: F5 BIG-IP Access Policy Manager 11.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The BIG-IP APM module must display the Standard Mandatory DoD-approved Notice and Consent Banner before granting access to virtual servers.

DISA Rule

SV-215715r557355_rule

Vulnerability Number

V-215715

Group Title

SRG-NET-000041-ALG-000022

Rule Version

F5BI-AP-000023

Severity

CAT III

CCI(s)

• CCI-000048 - The information system displays an organization-defined system use notification message or banner before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.

Weight

10

Fix Recommendation

If user access control intermediary services are provided as part of the traffic management functions of the BIG-IP Core, configure an access policy in the BIG-IP APM module to display the Standard Mandatory DoD-approved Notice and Consent Banner before granting access to virtual servers.

Check Contents

If the BIG-IP APM module does not provide user access control intermediary services as part of the traffic management functions of the BIG-IP Core, this is not applicable.

Verify the BIG-IP APM module is configured to display the Standard Mandatory DoD-approved Notice and Consent Banner before granting access to virtual servers.

Navigate to the BIG-IP System manager >> Access Policy >> Access Profiles.

Click "Edit..." in the "Access Policy" column for an Access Profile used for granting access.

Verify the Access Profile is configured to display the Standard Mandatory DoD-approved Notice and Consent Banner before granting access.

If the BIG-IP APM module is not configured to display the Standard Mandatory DoD-approved Notice and Consent Banner before granting access to the virtual servers, this is a finding.

Vulnerability Number

V-215715

Documentable

False

Rule Version

F5BI-AP-000023

Severity Override Guidance

If the BIG-IP APM module does not provide user access control intermediary services as part of the traffic management functions of the BIG-IP Core, this is not applicable.

Verify the BIG-IP APM module is configured to display the Standard Mandatory DoD-approved Notice and Consent Banner before granting access to virtual servers.

Navigate to the BIG-IP System manager >> Access Policy >> Access Profiles.

Click "Edit..." in the "Access Policy" column for an Access Profile used for granting access.

Verify the Access Profile is configured to display the Standard Mandatory DoD-approved Notice and Consent Banner before granting access.

If the BIG-IP APM module is not configured to display the Standard Mandatory DoD-approved Notice and Consent Banner before granting access to the virtual servers, this is a finding.

Check Content Reference

M

Target Key

4018

Comments