SV-237061r639630_rule
V-237061
SRG-NET-000512-ALG-000062
AADC-AG-000154
CAT II
10
Review the system or enclave documentation and confer with the data owner(s) if necessary. If any data must be masked before it leaves the enclave (such as credit card numbers, Social Security numbers, or other sensitive information), configure the CCN Mask, SSN Mask, and PCRE Mask Request checks.
These checks are applied to a WAF template.
The following command replaces all but the last four digits of credit card numbers with an “x” character:
ccn-mask
The following command replaces all but the last four digits of US Social Security numbers with an “x” character:
ssn-mask
The following command cloaks patterns in a response that match the specified PCRE pattern:
pcre-scrub [pcre-pattern] [keep-end [num-length] |keep-start [num-length] |mask [character]]
Review the device configuration and ask the device Administrator which templates are used for masking sensitive data.
The following command displays the configuration and filters the output on the WAF template section:
show run | sec slb template waf
If there is no WAF template with the required Mask Request checks, this is a finding.
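The check above can be run over a saved copy of the `show run | sec slb template waf` output. The script below is an added example, not part of the STIG or the vendor's tooling. It assumes each template starts with an unindented `slb template waf <name>` line followed by indented sub-commands; the sample configuration and template names are constructed, and the set of required masks is whatever the data owner specifies.

```python
import re

# Mask commands named in the fix text above.
MASK_COMMANDS = ("ccn-mask", "ssn-mask", "pcre-scrub")

# Constructed sample of saved `show run | sec slb template waf` output.
# The layout (header line, indented sub-commands) and names are assumptions.
SAMPLE_CONFIG = """\
slb template waf waf-payments
  ccn-mask
  ssn-mask
  pcre-scrub [0-9]{9} keep-end 4
slb template waf waf-intranet
  ssn-mask
"""

HEADER = re.compile(r"^slb template waf (\S+)\s*$")


def parse_waf_templates(text):
    """Return {template_name: set of mask commands configured in it}."""
    templates = {}
    current = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = templates.setdefault(m.group(1), set())
            continue
        if not line[:1].isspace():
            current = None  # unindented or blank line ends the template block
            continue
        if current is None:
            continue
        tokens = line.split()
        # A negated line such as "no ccn-mask" starts with "no" and is not counted.
        if tokens and tokens[0] in MASK_COMMANDS:
            current.add(tokens[0])
    return templates


def compliant_templates(text, required):
    """Names of templates that contain every required mask command."""
    required = set(required)
    found = parse_waf_templates(text)
    return sorted(name for name, cmds in found.items() if required <= cmds)


def is_finding(text, required):
    """True when no WAF template carries all required mask checks."""
    return not compliant_templates(text, required)
```

A compliant template still has to be the one the Administrator confirms is bound to the traffic carrying the sensitive data; the script only checks that such a template exists.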