The BIG-IP Core implementation must be able to conform to FICAM-issued profiles when providing authentication to virtual servers.
An XCCDF Rule
Description
<VulnDiscussion>Without conforming to Federal Identity, Credential, and Access Management (FICAM)-issued profiles, the information system may not be interoperable with FICAM-authentication protocols, such as SAML 2.0 and OpenID 2.0. Use of FICAM-issued profiles addresses open identity management standards. This requirement only applies to components where this is specific to the function of the device or has the concept of a non-organizational user, (e.g., ALG capability that is the front end for an application in a DMZ).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-215788r831471_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
If user authentication intermediary services are provided, configure BIG-IP Core as follows:
Configure a policy in the BIG-IP APM module to conform to FICAM-issued profiles when providing authentication.
Apply APM policy to the applicable Virtual Server(s) in the BIG-IP LTM module to conform to FICAM-issued profiles when providing authentication to virtual servers.