F5BI-DM-000025 – The BIG-IP appliance must automatically audit account removal actions.
Details Account management, as a whole, ensures access to the network device is being controlled in a secure manner by...
- Home
- Security Hardening
- DISA F5 Big IP Device Management 11.x STIG V2R1
DISA F5 Big IP Device Management 11.x STIG V2R1
F5BI-DM-000027 – The BIG-IP appliance must be configured to enforce the assigned privilege level for each administrator and authorizations for access to all commands relative to the privilege level in accordance with applicable policy for the device.
Details To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved...F5BI-DM-000031 – The BIG-IP appliance must be configured to enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.
Details By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise...F5BI-DM-000033 – The BIG-IP appliance must be configured to display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device – Banner Enabled
Details Display of the DoD-approved use notification before granting access to the network device ensures privacy and security notification verbiage...F5BI-DM-000033 – The BIG-IP appliance must be configured to display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device – Banner Text
Details Display of the DoD-approved use notification before granting access to the network device ensures privacy and security notification verbiage...F5BI-DM-000037 – Upon successful logon, the BIG-IP appliance must be configured to notify the administrator of the date and time of the last logon.
Details Administrators need to be aware of activity that occurs regarding their network device management account. Providing administrators with information...F5BI-DM-000039 – Upon successful logon, the BIG-IP appliance must be configured to notify the administrator of the number of unsuccessful logon attempts since the last successful logon.
Details Administrators need to be aware of activity that occurs regarding their network device management account. Providing administrators with information...F5BI-DM-000119 – If multifactor authentication is not supported and passwords must be used, the BIG-IP appliance must require that when a password is changed, the characters are changed in at least eight (8) of the positions within the password.
Details If the application allows the user to consecutively reuse extensive portions of passwords, this increases the chances of password...F5BI-DM-000121 – The BIG-IP appliance must only store encrypted representations of passwords.
Details Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords...F5BI-DM-000073 – The BIG-IP appliance must be configured to protect audit information from any type of unauthorized read access.
Details Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit information system...