Skip to content
Catalogs
XCCDF
F5 BIG-IP Access Policy Manager Security Technical Implementation Guide
SRG-NET-000015-ALG-000016
The F5 BIG-IP appliance must enforce approved authorizations for logical access to resources by explicitly configuring assigned resources with an authorization list.
The F5 BIG-IP appliance must enforce approved authorizations for logical access to resources by explicitly configuring assigned resources with an authorization list. An XCCDF Rule
The F5 BIG-IP appliance must enforce approved authorizations for logical access to resources by explicitly configuring assigned resources with an authorization list.
Medium Severity
<VulnDiscussion>Authentication alone must not be sufficient to assign APM resources to a connecting client. Access to APM resources (e.g., Portal, VPN, Webtop, Remote Desktop, etc.,) must be granted only after a successful authorization check occurs. Resource assignments can be configured using APM Access Policy Advanced Resource Assign VPE agents and Resource Assign VPE agents. These agents must be configured explicitly with an authorization list. If resources are assigned to these types of agents with empty expressions, that expression acts as the default authorization list.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>