NIST SP 800-53r4 iApp template
Problem this snippet solves: This iApp template helps you configure BIG-IP to support security controls consonant with NIST Special Publication 800-53r4. This iApp focuses on management of the BIG-IP itself rather than control of application traffic through the BIG-IP. For more details on this iApp and how it supports NIST Special Publication 800-53r4, enable the Inline Help within the template. The Help tab in the GUI contains additional information. The associated deployment guide is now available at http://www.f5.com/pdf/deployment-guides/nist-sp-800-53-r4-dg.pdf Fully supported version v1.0.0 - Supported release Released the fully supported version of the NIST iApp on 02-08-17. There were no additional changes to the iApp template over RC-6, however the iApp now supports BIG-IP versions 11.5.3 - 12.1.2. See https://support.f5.com/csp/article/K09154349 for instructions on downloading, importing and using the iApp. Release Candidate versions v1.0.1rc3 and rc4 RC3 was released on downloads.f5.com with a single fix (corrected an issue where the iApp would incorrectly detect Appliance Mode). As a part of this fix, the iApp would not load on BIG-IP systems that had a previous version of the NIST iApp. F5 released RC4 on DevCentral with a fix for this issue, and now the iApp loads properly on all devices. This version also contains a fix for multi-line banners and a fix for SNMP so the iApp catches any form of 127.0.0.0 and maps it. Released 1.0.1rc4 of the NIST iApp on 06-18-2018. v1.0.1rc1 Released 1.0.1rc1 of the NIST iApp on 08-18-2017. This version corrects an issue that would cause iApp Failure when configuring custom ports for self IP port lockdown v1.0.0rc6 Released RC-6 of the NIST iApp on 12-12-2016. In RC-6, all customer secrets/passwords in the iApp template are now securely stored. Previously, although secrets were stored in Secure Vault for use, some may have been stored in cleartext in the iApp reconfiguration data.* Added support for BIG-IP versions 12.1 and 12.1.1. Made error messages produced by the template easier to understand. If using RADIUS authentication, you are now limited a maximum of 10 servers. Previously there was no limit. The source-IP option on additional syslog servers is honored in this version. Previously this field was ignored. v1.0.0rc5 Released RC-5 of the NIST iApp on 12-16-2015. RC-5 adds a new question to the iApp template if you specified LDAP as your authentication method, asking if the directory user objects include group-membership attributes (like memberOf). Adds All as an option for remote-role partition access Other minor bug fixes. v1.0.0rc4 Released RC-4 of the NIST iApp on 12-02-2015. RC-4 adds support for BIG-IP v11.5.3. The main difference is the "Fraud Protection Manager" role was not available in 11.5.3, and only v11.6 and later.* Added the iRule Manager role that was missing in previous versions of the iApp. Clarified the answers and inline help for the MCPD audit log section. v1.0.0rc3 Released RC-3 of the NIST iApp on 11-12-2015. RC-3 contains mostly clarifications to the iApp presentation, including question/answer text and the inline help. Added warning messages where applicable. For the Management Access and SNMP Access IP addresses sections, removed the option to not allow any IP addresses, as this could cause issues, such as users inadvertently locking themselves out of the system. v1.0.0rc2 Released RC-2 of the NIST iApp on 10-30-2015. RC-2 corrects an issue where the option to revert to the pre-iApp configuration was not working properly.* Enhanced the management of self-IP access policies. Changes are now saved as the default for use with new self-IP objects as well as applied to existing self IP objects. Code : 88573
