Details
Without conforming to Federal Identity, Credential, and Access Management (FICAM)-issued profiles, the information system may not be interoperable with FICAM-authentication protocols, such as SAML 2.0 and OpenID 2.0.
Use of FICAM-issued profiles addresses open identity management standards.
This requirement only applies to components where this is specific to the function of the device or has the concept of a non-organizational user, (e.g., ALG capability that is the front end for an application in a DMZ).
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
If user authentication intermediary services are provided, configure BIG-IP Core as follows:
Configure a policy in the BIG-IP APM module to conform to FICAM-issued profiles when providing authentication.
Apply APM policy to the applicable Virtual Server(s) in the BIG-IP LTM module to conform to FICAM-issued profiles when providing authentication to virtual servers.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system F5.
References
- 800-53|IA-8(4)
- CAT|II
- CCI|CCI-002014
- Rule-ID|SV-215788r557356_rule
- STIG-ID|F5BI-LT-000211
- STIG-Legacy|SV-74787
- STIG-Legacy|V-60357
- Vuln-ID|V-215788