F5BI-DM-000031 – The BIG-IP appliance must be configured to enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.

Details

By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure the BIG-IP appliance to use an approved remote authentication server to enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_F5_BIG-IP_11-x_Y20M10_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system F5.

References

800-53|AC-7a.
CAT|II
CCI|CCI-000044
Rule-ID|SV-217388r557520_rule
STIG-ID|F5BI-DM-000031
STIG-Legacy|SV-74543
STIG-Legacy|V-60113
Vuln-ID|V-217388

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles