Skip to content
Catalogs
XCCDF
F5 BIG-IP Local Traffic Manager Security Technical Implementation Guide
SRG-NET-000140-ALG-000094
The BIG-IP Core implementation providing user authentication intermediary services must use multifactor authentication for network access to non-privileged accounts when granting access to virtual servers.
The BIG-IP Core implementation providing user authentication intermediary services must use multifactor authentication for network access to non-privileged accounts when granting access to virtual servers. An XCCDF Rule
The BIG-IP Core implementation providing user authentication intermediary services must use multifactor authentication for network access to non-privileged accounts when granting access to virtual servers.
Medium Severity
<VulnDiscussion>To assure accountability and prevent unauthenticated access, non-privileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system.
Multifactor authentication uses two or more factors to achieve authentication. Factors include:
1) Something you know (e.g., password/PIN);
2) Something you have (e.g., cryptographic, identification device, token); and
3) Something you are (e.g., biometric).
Non-privileged accounts are not authorized on the network element regardless of configuration.
Network access is any access to an application by a user (or process acting on behalf of a user) where said access is obtained through a network connection.
The DoD CAC with DoD-approved PKI is an example of multifactor authentication.
This requirement applies to ALGs that provide user authentication intermediary services.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>