STIGQter: STIG Summary: Akamai KSD Service Impact Level 2 ALG Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 12 Sep 2017:

Kona Site Defender must immediately use updates made to policy enforcement mechanisms to enforce that all traffic flows over HTTPS port 443.

DISA Rule

SV-91087r1_rule

Vulnerability Number

V-76391

Group Title

SRG-NET-000019-ALG-000018

Rule Version

AKSD-WF-000001

Severity

CAT I

CCI(s)

• CCI-001414 - The information system enforces approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies.

Weight

10

Fix Recommendation

Configure Kona Site Defender to enforce all traffic flows over HTTPS port 443:

1. Log in to the Akamai Luna Portal (https://control.akamai.com).
2. Click the "Select Group or Property" button.
3. Select the configuration that is being reviewed.
4. Under the "Active Production" section, click on the active version.
5. On the "Property Manager Editor" screen, click the "Edit New Version" button.
6. In the "Property Version Information" section, enable the "Security Options" check box.
7. Click the "Save" button.
8. Select the "Activate" tab and push the configuration to production.

Check Contents

Confirm Kona Site Defender is configured to enforce all traffic flows over HTTPS port 443:

1. Log in to the Akamai Luna Portal (https://control.akamai.com).
2. Click the "Select Group or Property" button.
3. Select the configuration that is being reviewed.
4. Under the "Active Production" section, click on the active version.
5. In the "Property Version Information" section, verify the "Security Options" check box is checked.

If the "Security Options" check box in "Property Manager" is not configured to enforce all traffic flows over HTTPS port 443, this is a finding.

Vulnerability Number

V-76391

Documentable

False

Rule Version

AKSD-WF-000001

Severity Override Guidance

Confirm Kona Site Defender is configured to enforce all traffic flows over HTTPS port 443:

1. Log in to the Akamai Luna Portal (https://control.akamai.com).
2. Click the "Select Group or Property" button.
3. Select the configuration that is being reviewed.
4. Under the "Active Production" section, click on the active version.
5. In the "Property Version Information" section, verify the "Security Options" check box is checked.

If the "Security Options" check box in "Property Manager" is not configured to enforce all traffic flows over HTTPS port 443, this is a finding.

Check Content Reference

M

Target Key

3165

Comments