STIGQter: STIG Summary: F5 BIG-IP Local Traffic Manager 11.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020: STIGQter: STIG Summary: F5 BIG-IP Local Traffic Manager 11.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:SV-215779r557356_rule
V-215779
SRG-NET-000337-ALG-000096
F5BI-LT-000191
CAT II
10
If user access control intermediary services are provided, configure the BIG-IP Core as follows:
Configure a policy in the BIG-IP APM module to require multifactor authentication for remote access to require users to re-authenticate when required by organization-defined circumstances or situations.
Apply APM policy to the applicable Virtual Server(s) in the BIG-IP LTM module to require users to re-authenticate to virtual servers when organization-defined circumstances or situations require re-authentication.
If the BIG-IP Core does not provide user authentication intermediary services for virtual servers, this is not applicable.
When user authentication intermediary services are provided, verify the BIG-IP Core is configured as follows:
Verify Virtual Server(s) in the BIG-IP LTM module are configured with an APM policy to require users to re-authenticate when required by organization-defined circumstances or situations.
Navigate to the BIG-IP System manager>>Local Traffic>>Virtual Servers>>Virtual Servers List tab.
Select Virtual Servers(s) from the list to verify.
Verify under "Access Policy" section that "Access Policy" has been set to use an APM access policy that requires users to re-authenticate to virtual servers when organization-defined circumstances or situations require re-authentication.
If the BIG-IP Core is not configured to require users to re-authenticate when organization-defined circumstances or situations require re-authentication, this is a finding.
V-215779
False
F5BI-LT-000191
If the BIG-IP Core does not provide user authentication intermediary services for virtual servers, this is not applicable.
When user authentication intermediary services are provided, verify the BIG-IP Core is configured as follows:
Verify Virtual Server(s) in the BIG-IP LTM module are configured with an APM policy to require users to re-authenticate when required by organization-defined circumstances or situations.
Navigate to the BIG-IP System manager>>Local Traffic>>Virtual Servers>>Virtual Servers List tab.
Select Virtual Servers(s) from the list to verify.
Verify under "Access Policy" section that "Access Policy" has been set to use an APM access policy that requires users to re-authenticate to virtual servers when organization-defined circumstances or situations require re-authentication.
If the BIG-IP Core is not configured to require users to re-authenticate when organization-defined circumstances or situations require re-authentication, this is a finding.
M
4019