STIGQter: STIG Summary: A10 Networks ADC NDM Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 15 Apr 2016

The A10 Networks ADC must enforce the limit of three consecutive invalid logon attempts.

DISA Rule

SV-82523r1_rule

Vulnerability Number

V-68033

Group Title

SRG-APP-000065-NDM-000214

Rule Version

AADC-NM-000015

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The following command enables admin lockout:
admin lockout enable

The following example locks the admin account after three failed logon attempts and sets the A10 ADC to remember the last failed logon for 15 minutes:
admin lockout threshold 3
admin lockout reset-time 15
Note: This will be applied to all administrative accounts.

Check Contents

Review the configuration.

The following command shows the device configuration and filters the output on the keyword "lockout":
show run | inc lockout

View the output; it will contain these commands:
admin lockout enable
admin lockout reset-time 15
admin lockout threshold 3

If it does not, this is a finding.

Documentable

False

Severity Override Guidance

Review the configuration.

The following command shows the device configuration and filters the output on the keyword "lockout":
show run | inc lockout

View the output; it will contain these commands:
admin lockout enable
admin lockout reset-time 15
admin lockout threshold 3

If it does not, this is a finding.

Check Content Reference

M

Target Key

2915
