The BIG-IP appliance must be configured to transmit access authorization information using approved security safeguards to authorized information systems that enforce access control decisions.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-229001	F5BI-DM-000175	SV-229001r557520_rule		Medium

Description
Protecting access authorization information (i.e., access control decisions) ensures that authorization information cannot be altered, spoofed, or otherwise compromised during transmission. In distributed information systems, authorization processes and access control decisions may occur in separate parts of the systems. In such instances, authorization information is transmitted securely so timely access control decisions can be enforced at the appropriate locations. To support the access control decisions, it may be necessary to transmit, as part of the access authorization information, supporting security attributes. This is because, in distributed information systems, there are various access control decisions that need to be made, and different entities (e.g., services) make these decisions in a serial fashion, each requiring some security attributes to make the decisions.

Description

Protecting access authorization information (i.e., access control decisions) ensures that authorization information cannot be altered, spoofed, or otherwise compromised during transmission. In distributed information systems, authorization processes and access control decisions may occur in separate parts of the systems. In such instances, authorization information is transmitted securely so timely access control decisions can be enforced at the appropriate locations. To support the access control decisions, it may be necessary to transmit, as part of the access authorization information, supporting security attributes. This is because, in distributed information systems, there are various access control decisions that need to be made, and different entities (e.g., services) make these decisions in a serial fashion, each requiring some security attributes to make the decisions.

STIG	Date
F5 BIG-IP Device Management 11.x Security Technical Implementation Guide	2020-09-28

Details

Check Text ( C-31316r518048_chk )
Verify the BIG-IP appliance is configured to use a properly configured authentication server that transmits access authorization information using approved security safeguards to authorized information systems that enforce access control decisions. Navigate to the BIG-IP System manager >> System >> Users >> Authentication. Verify that "User Directory" is set to an approved authentication server and SSL is set to use TLS. If the BIG-IP appliance transmits access authorization information without using approved security safeguards to authorized information systems that enforce access control decisions, this is a finding.

Check Text ( C-31316r518048_chk )

Verify the BIG-IP appliance is configured to use a properly configured authentication server that transmits access authorization information using approved security safeguards to authorized information systems that enforce access control decisions.

Navigate to the BIG-IP System manager >> System >> Users >> Authentication.

Verify that "User Directory" is set to an approved authentication server and SSL is set to use TLS.

If the BIG-IP appliance transmits access authorization information without using approved security safeguards to authorized information systems that enforce access control decisions, this is a finding.

Fix Text (F-31293r518049_fix)
Configure the BIG-IP appliance to use a properly configured authentication server that transmits access authorization information using approved security safeguards to authorized information systems that enforce access control decisions.