Detections
Analytics
F5BI-DM-000101 - The BIG-IP appliance must be configured to ensure administrators are authenticated with an individual authenticator prior to using a group authenticator.
Information
To assure individual accountability and prevent unauthorized access, administrators must be individually identified and authenticated.Individual accountability mandates that each administrator is uniquely identified. A group authenticator is a shared account or some other form of authentication that allows multiple unique individuals to access the network device using a single account.
If a device allows or provides for group authenticators, it must first individually authenticate administrators prior to implementing group authenticator functionality.
Some devices may not have the need to provide a group authenticator; this is considered a matter of device design. In those instances where the device design includes the use of a group authenticator, this requirement will apply. This requirement applies to accounts created and managed on or by the network device.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Configure the BIG-IP appliance to authenticate administrators with an individual authenticator prior to using a group authenticator.See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_F5_BIG-IP_Y25M01_STIG.zip
Item Details
Audit Name: DISA F5 BIG-IP Device Management STIG v2r4
Category: IDENTIFICATION AND AUTHENTICATION
References: 800-53|IA-2(5), CAT|II, CCI|CCI-000770, Rule-ID|SV-217397r984091_rule, STIG-ID|F5BI-DM-000101, STIG-Legacy|SV-74575, STIG-Legacy|V-60145, Vuln-ID|V-217397
Plugin: F5
Control ID: 4ff79b888e8c44078a456ee86c758f311983e86583be1f054f192a1f546c5962