STIGQter: STIG Summary: F5 BIG-IP Local Traffic Manager 11.x Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 23 Oct 2020

The BIG-IP Core implementation must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the Ports, Protocol, and Service Management (PPSM) Category Assurance List (CAL) and vulnerability assessments.

DISA Rule

SV-215757r557356_rule

Vulnerability Number

V-215757

Group Title

SRG-NET-000132-ALG-000087

Rule Version

F5BI-LT-000071

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure Virtual Servers in the BIG-IP LTM module to use only ports, protocols, and/or services required for operation of the BIG-IP Core.

Check Contents

Review the BIG-IP Core to verify the minimum ports, protocols, and services that are required for operation of the BIG-IP Core are configured.

Navigate to the BIG-IP System manager >> Local Traffic >> Virtual Servers >> Virtual Servers List tab.

Compare enabled ports, protocols, and/or services in the "Service Port" column with the PPSM and IAVM requirements.

If the BIG-IP Core is configured with ports, protocols, and/or services that are not required for operations or that are restricted by the PPSM, this is a finding.

Documentable

False

Severity Override Guidance

Review the BIG-IP Core to verify the minimum ports, protocols, and services that are required for operation of the BIG-IP Core are configured.

Navigate to the BIG-IP System manager >> Local Traffic >> Virtual Servers >> Virtual Servers List tab.

Compare enabled ports, protocols, and/or services in the "Service Port" column with the PPSM and IAVM requirements.

If the BIG-IP Core is configured with ports, protocols, and/or services that are not required for operations or that are restricted by the PPSM, this is a finding.

Check Content Reference

M

Target Key

4019