STIGhub

V-217424

CAT II (Medium)

The F5 BIG-IP must ensure SSH is disabled for root user logon to prevent remote access using the root account.

Rule ID

SV-217424r1043177_rule

STIG

F5 BIG-IP Device Management Security Technical Implementation Guide

Version

V2R4

CCIs

CCI-000366

Discussion

The F5 BIG-IP shell must be locked down to limit the ability to modify the configuration through the shell. Preventing attackers from remotely accessing management functions using the root account mitigates the risk that unauthorized individuals or processes may gain superuser access to information or privileges. Additionally, the audit records for actions taken using the group account will not identify the specific person who took the actions.

Check Content

Verify the F5 BIG-IP shell is locked down to limit the ability to modify the configuration through the shell.  
Log in to the Configuration utility as the administrative user.

Navigate to System > Platform.
Under Root Account, verify the Disable login and Disable bash check boxes are checked.

If the values of the db variables systemauth.disablerootlogin and systemauth.disablebash are not both set to “true”, this is a finding.

Fix Text

To ensure that the F5 BIG-IP meets the requirements within the STIG, limit the ability to modify the configuration at the command line. SSH into the command line interface and type in the following commands.

(tmos)# modify sys db systemauth.disablerootlogin value true 
(tmos)# modify sys db systemauth.disablebash value true
(tmos)# save sys config
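
To evaluate the finding condition from the command line rather than the Configuration utility, the two db values can be captured with `list sys db systemauth.disablerootlogin` and `list sys db systemauth.disablebash` and checked offline. The script below is an added example, not part of the STIG or F5 tooling; the function names are hypothetical, the sample text is constructed, and the block layout of the `list sys db` output is assumed to be the standard tmsh form shown in the sample.

```shell
# Constructed sample of captured `list sys db` output (layout assumed).
sample_output() {
cat <<'EOF'
sys db systemauth.disablebash {
    value "true"
}
sys db systemauth.disablerootlogin {
    value "false"
}
EOF
}

# db_value KEY: read captured tmsh text on stdin and print KEY's value,
# lower-cased with quotes stripped. Prints nothing if the key is absent.
db_value() {
    awk -v key="$1" '
        $1 == "sys" && $2 == "db" { cur = $3 }
        $1 == "value" && cur == key {
            v = $2; gsub(/"/, "", v); print tolower(v); exit
        }
        $1 == "}" { cur = "" }
    '
}

# check_v217424 FILE: print one result line per key; return 0 only when
# both keys are "true". A missing key is reported as a finding, not a pass.
check_v217424() {
    rc=0
    for key in systemauth.disablerootlogin systemauth.disablebash; do
        val=$(db_value "$key" < "$1")
        if [ "$val" = "true" ]; then
            echo "PASS    $key=true"
        else
            echo "FINDING $key=${val:-<missing>}"
            rc=1
        fi
    done
    return $rc
}

# Usage: check_v217424 captured_db_output.txt
```

A key that is absent from the capture is treated as a finding, so an incomplete capture cannot produce a false pass.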