This iApp template helps you configure BIG-IP to support security controls consonant with NIST Special Publication 800-53r4. This iApp focuses on management of the BIG-IP itself rather than control of application traffic through the BIG-IP. For more details on this iApp and how it supports NIST Special Publication 800-53r4, enable the Inline Help within the template. The Help tab in the GUI contains additional information.
RC3 was released on downloads.f5.com with a single fix (corrected an issue where the iApp would incorrectly detect Appliance Mode). As a part of this fix, the iApp would not load on BIG-IP systems that had a previous version of the NIST iApp.
F5 released RC4 on DevCentral with a fix for this issue, and now the iApp loads properly on all devices. This version also contains a fix for multi-line banners and a fix for SNMP so the iApp catches any form of 127.0.0.0 and maps it.
Released 1.0.1rc4 of the NIST iApp on 06-18-2018.
v1.0.1rc1
Released 1.0.1rc1 of the NIST iApp on 08-18-2017.
This version corrects an issue that would cause iApp Failure when configuring custom ports for self IP port lockdown
v1.0.0rc6
Released RC-6 of the NIST iApp on 12-12-2016.
In RC-6, all customer secrets/passwords in the iApp template are now securely stored. Previously, although secrets were stored in Secure Vault for use, some may have been stored in cleartext in the iApp reconfiguration data.* Added support for BIG-IP versions 12.1 and 12.1.1.
Made error messages produced by the template easier to understand.
If using RADIUS authentication, you are now limited a maximum of 10 servers. Previously there was no limit.
The source-IP option on additional syslog servers is honored in this version. Previously this field was ignored.
v1.0.0rc5
Released RC-5 of the NIST iApp on 12-16-2015.
RC-5 adds a new question to the iApp template if you specified LDAP as your authentication method, asking if the directory user objects include group-membership attributes (like memberOf).
Adds All as an option for remote-role partition access
Other minor bug fixes.
v1.0.0rc4
Released RC-4 of the NIST iApp on 12-02-2015.
RC-4 adds support for BIG-IP v11.5.3. The main difference is the "Fraud Protection Manager" role was not available in 11.5.3, and only v11.6 and later.* Added the iRule Manager role that was missing in previous versions of the iApp.
Clarified the answers and inline help for the MCPD audit log section.
v1.0.0rc3
Released RC-3 of the NIST iApp on 11-12-2015.
RC-3 contains mostly clarifications to the iApp presentation, including question/answer text and the inline help. Added warning messages where applicable. For the Management Access and SNMP Access IP addresses sections, removed the option to not allow any IP addresses, as this could cause issues, such as users inadvertently locking themselves out of the system.
v1.0.0rc2
Released RC-2 of the NIST iApp on 10-30-2015.
RC-2 corrects an issue where the option to revert to the pre-iApp configuration was not working properly.* Enhanced the management of self-IP access policies. Changes are now saved as the default for use with new self-IP objects as well as applied to existing self IP objects.
The "Remote Roles -- AC-3(7), CM-5" configuration section only allows a maximum of 5 group/roles to be managed from the NIST iApp.
Can this be bumped to 10, or such. We want to keep these roles controlled from iApp versus having to add the few extra roles we need outside it from "System ›› Users : Remote Role Groups" directly.
