The BIG-IP appliance must be configured to notify the administrator of changes to access and/or privilege parameters of the administrator account that occurred since the last logon.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-60119 | F5BI-DM-000041 | SV-74549r1_rule | Medium |
| Description |
|---|
| Providing administrators with information regarding security-related changes to their account allows them to determine if any unauthorized activity has occurred. Changes to the account could be an indication of the account being compromised. Hence, without notification to the administrator, the compromise could go undetected if other controls were not in place to mitigate this risk. |
| STIG | Date |
|---|---|
| F5 BIG-IP Device Management 11.x Security Technical Implementation Guide | 2015-06-02 |
Details
| Check Text ( C-60937r1_chk ) |
|---|
| Verify the BIG-IP appliance is configured to use a properly configured authentication server that notifies the administrator of changes to access and/or privilege parameters of the administrator's account that occurred since the last logon. Navigate to the BIG-IP System manager >> System >> Users >> Authentication. Verify "Authentication: User Directory" is configured for an approved remote authentication server to notify the administrator of changes to access and/or privilege parameters of the administrator's account that occurred since the last logon. If the BIG-IP appliance is not configured to use a properly configured authentication server that notifies the administrator of changes to access and/or privilege parameters of the administrator's account that occurred since the last logon, this is a finding. |
| Fix Text (F-65669r1_fix) |
|---|
| Configure the BIG-IP appliance to use a properly configured authentication server that notifies the administrator of changes to access and/or privilege parameters of the administrator's account that occurred since the last logon. |