Detections
Analytics
F5BI-DM-000261 - The BIG-IP appliance must be configured to notify the administrator of the number of successful logon attempts occurring during an organization-defined time period.
Information
Administrators need to be aware of activity that occurs regarding their network device management account. Providing administrators with information regarding the date and time of their last successful logon allows the administrator to determine if any unauthorized activity has occurred. This incorporates all methods of logon, including, but not limited to, SSH, HTTP, HTTPS, and physical connectivity.The organization-defined time period is dependent on the frequency with which administrators typically log on to the network device.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Configure the BIG-IP appliance to use a properly configured authentication server to notify the administrator of the number of successful logon attempts occurring during an organization-defined time period.See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_F5_BIG-IP_Y25M01_STIG.zip
Item Details
Audit Name: DISA F5 BIG-IP Device Management STIG v2r4
Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT
References: 800-53|AC-9(2), 800-53|CM-6b., CAT|III, CCI|CCI-000366, CCI|CCI-001391, Rule-ID|SV-229009r961863_rule, STIG-ID|F5BI-DM-000261, STIG-Legacy|SV-74653, STIG-Legacy|V-60223, Vuln-ID|V-229009
Plugin: F5
Control ID: aa5e0e84c622aded004dc1f5cc66c65bb5ba28042f7cb30f119a79588fb97b3f