The BIG-IP APM module must accept Personal Identity Verification (PIV) credentials when providing user authentication to virtual servers.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-60051	F5BI-AP-000197	SV-74481r1_rule		Medium

Description
The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use of the CAC to support identity management and personal authentication for systems covered under HSPD-12, as well as a primary component of layered protection for national security systems. This requirement applies to ALGs that provide user authentication intermediary services.

Description

The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use of the CAC to support identity management and personal authentication for systems covered under HSPD-12, as well as a primary component of layered protection for national security systems. This requirement applies to ALGs that provide user authentication intermediary services.

STIG	Date
F5 BIG-IP Access Policy Manager 11.x Security Technical Implementation Guide	2015-06-02

Details

Check Text ( C-60731r1_chk )
If the BIG-IP APM module does not provide user authentication intermediary services, this is not applicable. Verify the BIG-IP APM module is configured as follows: Navigate to the BIG-IP System manager >> Access Policy >> Access Profiles. Click "Edit..." in the "Access Policy" column for an Access Profile used for user authentication. Verify the Access Profile is configured to accept Personal Identity Verification (PIV) credentials when providing user authentication. If the BIG-IP APM module is not configured to accept Personal Identity Verification (PIV) credentials, this is a finding.

Check Text ( C-60731r1_chk )

If the BIG-IP APM module does not provide user authentication intermediary services, this is not applicable.

Verify the BIG-IP APM module is configured as follows:

Navigate to the BIG-IP System manager >> Access Policy >> Access Profiles.

Click "Edit..." in the "Access Policy" column for an Access Profile used for user authentication.

Verify the Access Profile is configured to accept Personal Identity Verification (PIV) credentials when providing user authentication.

If the BIG-IP APM module is not configured to accept Personal Identity Verification (PIV) credentials, this is a finding.

Fix Text (F-65461r1_fix)
If user authentication intermediary services are provided, configure an access policy in the BIG-IP APM module to accept Personal Identity Verification (PIV) credentials.