The BIG-IP appliance must be configured to notify the administrator of changes to access and/or privilege parameters of the administrator account that occurred since the last logon.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-60119	F5BI-DM-000041	SV-74549r1_rule		Medium

Description
Providing administrators with information regarding security-related changes to their account allows them to determine if any unauthorized activity has occurred. Changes to the account could be an indication of the account being compromised. Hence, without notification to the administrator, the compromise could go undetected if other controls were not in place to mitigate this risk.

STIG	Date
F5 BIG-IP Device Management 11.x Security Technical Implementation Guide	2015-06-02

Details

Check Text ( C-60937r1_chk )
Verify the BIG-IP appliance is configured to use a properly configured authentication server that notifies the administrator of changes to access and/or privilege parameters of the administrator's account that occurred since the last logon. Navigate to the BIG-IP System manager >> System >> Users >> Authentication. Verify "Authentication: User Directory" is configured for an approved remote authentication server to notify the administrator of changes to access and/or privilege parameters of the administrator's account that occurred since the last logon. If the BIG-IP appliance is not configured to use a properly configured authentication server that notifies the administrator of changes to access and/or privilege parameters of the administrator's account that occurred since the last logon, this is a finding.

Check Text ( C-60937r1_chk )

Verify the BIG-IP appliance is configured to use a properly configured authentication server that notifies the administrator of changes to access and/or privilege parameters of the administrator's account that occurred since the last logon.

Navigate to the BIG-IP System manager >> System >> Users >> Authentication.

Verify "Authentication: User Directory" is configured for an approved remote authentication server to notify the administrator of changes to access and/or privilege parameters of the administrator's account that occurred since the last logon.

If the BIG-IP appliance is not configured to use a properly configured authentication server that notifies the administrator of changes to access and/or privilege parameters of the administrator's account that occurred since the last logon, this is a finding.

Fix Text (F-65669r1_fix)
Configure the BIG-IP appliance to use a properly configured authentication server that notifies the administrator of changes to access and/or privilege parameters of the administrator's account that occurred since the last logon.