Details

Emergency accounts are administrator accounts that are established in response to crisis situations where the need for rapid account activation is required. Therefore, emergency account activation may bypass normal account authorization processes.

If emergency accounts remain active when no longer needed, they may be used to gain unauthorized access. The risk is greater for the network device since these accounts have elevated privileges. To mitigate this risk, automated termination of all emergency accounts must be set upon account creation.

Emergency accounts are different from infrequently used accounts (i.e., local logon accounts used by network administrators when network or normal logon/access is not available). Infrequently used accounts also remain available and are not subject to automatic termination dates. However, an emergency account is normally a different account that is created for use by vendors or system maintainers.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure the BIG-IP appliance to use a properly configured remote authentication server to automatically disable or remove emergency accounts after 72 hours.

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_F5_BIG-IP_11-x_Y20M10_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control, Configuration Management.This control applies to the following type of system F5.

References

• 800-53|AC-2(2)
• 800-53|CM-6b.
• CAT|II
• CCI|CCI-000366
• CCI|CCI-001682
• Rule-ID|SV-228992r557520_rule
• STIG-ID|F5BI-DM-000149
• STIG-Legacy|SV-74601
• STIG-Legacy|V-60171
• Vuln-ID|V-228992

Source

• Tenable.com/audits