F5BI-AS-000031 - The BIG-IP ASM module supporting intermediary services for remote access communications traffic must ensure inbound traffic is monitored for compliance with remote access security policies.

Information

Automated monitoring of remote access traffic allows organizations to detect cyber attacks and also ensure ongoing compliance with remote access policies by inspecting connection activities of remote access capabilities.

Remote access methods include both unencrypted and encrypted traffic (e.g., web portals, web content filter, TLS, and webmail). With inbound TLS inspection, the traffic must be inspected prior to being allowed on the enclave's web servers hosting TLS or HTTPS applications.

Remote access security policies provide the guidance and define the traffic that will be monitored. These policies consist of local policies, organizational policies, and DoD policies.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

If intermediary services for remote access communications traffic for virtual servers is supported by the BIG-IP ASM module, configure an ASM security policy to monitor inbound traffic for compliance with remote access security policies, to be applied to the applicable virtual servers in the BIG-IP LTM module.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_F5_BIG-IP_11-x_Y20M10_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-17(1), CAT|II, CCI|CCI-000067, Rule-ID|SV-74497r1_rule, STIG-ID|F5BI-AS-000031, Vuln-ID|V-60067

Plugin: F5

Control ID: 0e950df1ac5c1f324d8d50f2b2f612d17b972ded2141d50512add955da7a2217