Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
F5 BIG-IP TMOS NDM Security Technical Implementation Guide
SRG-APP-000033-NDM-000212
SRG-APP-000033-NDM-000212
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
SRG-APP-000033-NDM-000212
1 Rule
<GroupDescription></GroupDescription>
The F5 BIG-IP appliance must be configured to assign appropriate user roles or access levels to authenticated users.
High Severity
<VulnDiscussion>Successful identification and authentication must not automatically give an entity full access to a network device or security domain. Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset or set of resources. Information systems use access control policies and enforcement mechanisms to implement this requirement. The F5 BIG-IP appliance must enforce organization-defined roles to control privileged access to configure the types or objects a user can manage and/or the tasks a user can perform. For each BIG-IP user account, a different user role can be assigned to each administrative partition to which the user has access. This allows assignment of multiple user roles to each user account on the system. Users can assign a specific user role to each administrative partition to grant the user access. In this way, the BIG-IP configuration objects that the user can manage are controlled, as well as the types of actions the user can perform on those objects. Satisfies: SRG-APP-000033-NDM-000212, SRG-APP-000329-NDM-000287</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>