STIGQter: STIG Summary: A10 Networks ADC ALG Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 23 Apr 2021

The A10 Networks ADC being used for TLS encryption and decryption using PKI-based user authentication must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certificate Authorities (CAs) for the establishment of protected sessions.

DISA Rule

SV-237048r639591_rule

Vulnerability Number

V-237048

Group Title

SRG-NET-000355-ALG-000117

Rule Version

AADC-AG-000098

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

If the A10 Networks ADC is used for TLS/SSL decryption for application traffic, import the root and intermediate CA certificates. The certificates can be imported onto the device using FTP or SCP.

Check Contents

If the A10 Networks ADC is not used for TLS/SSL decryption for application traffic, this is not applicable.

If the A10 Networks ADC is used for TLS/SSL decryption for application traffic, verify the A10 Networks ADC only accepts end entity certificates issued by DoD PKI or DoD-approved PKI CAs for the establishment of protected sessions.

If the A10 Networks ADC accepts non-DoD-approved PKI end entity certificates, this is a finding.

Documentable

False

Severity Override Guidance

If the A10 Networks ADC is not used for TLS/SSL decryption for application traffic, this is not applicable.

If the A10 Networks ADC is used for TLS/SSL decryption for application traffic, verify the A10 Networks ADC only accepts end entity certificates issued by DoD PKI or DoD-approved PKI CAs for the establishment of protected sessions.

If the A10 Networks ADC accepts non-DoD-approved PKI end entity certificates, this is a finding.

Check Content Reference

M

Target Key

5285
