STIGQter STIGQter: STIG Summary: F5 BIG-IP Access Policy Manager 11.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 29 May 2015: The BIG-IP APM module must map the authenticated identity to the user account for PKI-based authentication to virtual servers.

DISA Rule

SV-74465r1_rule

Vulnerability Number

V-60035

Group Title

SRG-NET-000166-ALG-000101

Rule Version

F5BI-AP-000085

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

If the BIG-IP APM module provides PKI-based, user authentication intermediary services, configure a profile in the BIG-IP APM module to map the authenticated identity to the user account for PKI-based authentication.

Check Contents

If the BIG-IP APM module does not provide PKI-based, user authentication intermediary services, this is not applicable.

Verify the BIG-IP APM module maps the authenticated identity to the user account for PKI-based authentication.

Navigate to the BIG-IP System manager >> Access Policy >> Access Profiles.

Click "Edit..." in the "Access Policy" column for an Access Profile used for PKI-based authentication.

Verify the Access Profile is configured to map the authenticated identity to the user account for PKI-based authentication.

If the BIG-IP APM module does not map the authenticated identity to the user account for PKI-based authentication, this is a finding.

Vulnerability Number

V-60035

Documentable

False

Rule Version

F5BI-AP-000085

Severity Override Guidance

If the BIG-IP APM module does not provide PKI-based, user authentication intermediary services, this is not applicable.

Verify the BIG-IP APM module maps the authenticated identity to the user account for PKI-based authentication.

Navigate to the BIG-IP System manager >> Access Policy >> Access Profiles.

Click "Edit..." in the "Access Policy" column for an Access Profile used for PKI-based authentication.

Verify the Access Profile is configured to map the authenticated identity to the user account for PKI-based authentication.

If the BIG-IP APM module does not map the authenticated identity to the user account for PKI-based authentication, this is a finding.

Check Content Reference

M

Target Key

2837

Comments