UCF STIG Viewer Logo

The BIG-IP appliance must be configured to employ automated mechanisms to centrally verify authentication settings.


Overview

Finding ID Version Rule ID IA Controls Severity
V-229012 F5BI-DM-000273 SV-229012r557520_rule Medium
Description
The use of authentication servers or other centralized management servers for providing centralized authentication services is required for network device management. Maintaining local administrator accounts for daily usage on each network device without centralized management is not scalable or feasible. Without centralized management, it is likely that credentials for some network devices will be forgotten, leading to delays in administration, which itself leads to delays in remediating production problems and in addressing compromises in a timely fashion.
STIG Date
F5 BIG-IP Device Management 11.x Security Technical Implementation Guide 2020-09-28

Details

Check Text ( C-31327r518080_chk )
Verify the BIG-IP appliance is configured to use a remote authentication server to centrally verify authentication settings.

Navigate to the BIG-IP System manager >> System >> Users >> Authentication.

Verify that "User Directory" is set to an approved authentication server type that employs automated mechanisms to centrally verify authentication settings.

If authentication settings are not verified centrally using automated mechanisms, this is a finding.
Fix Text (F-31304r518081_fix)
Configure the BIG-IP appliance to use an approved remote authentication server to employ automated mechanisms to centrally verify authentication settings.