SV-91127r1_rule
V-76431
SRG-NET-000510-ALG-000111
AKSD-WF-000024
CAT I
10
Configure Kona Site Defender to only allow NIST FIPS-validated cryptography to implement encryption services:
Contact the Akamai Professional Services team to implement the changes at 1-877-4-AKATEC (1-877-425-2832).
Confirm Kona Site Defender only allows NIST SP 800-52 TLS settings:
1. Navigate to the Qualys SSL Scanner: https://www.ssllabs.com/ssltest/analyze.html
2. Enter into the scanner the Hostname being tested.
3. Under the "Configurations" and then "Cipher Suites" section, verify that communications are restricted to NIST FIPS-validated cryptography to implement encryption services as defined at https://www.nist.gov/publications/guidelines-selection-configuration-and-use-transport-layer-security-tls-implementations?pub_id=915295.
If the cipher suites include non-NIST FIPS-validated cryptography, this is a finding.
V-76431
False
AKSD-WF-000024
Confirm Kona Site Defender only allows NIST SP 800-52 TLS settings:
1. Navigate to the Qualys SSL Scanner: https://www.ssllabs.com/ssltest/analyze.html
2. Enter into the scanner the Hostname being tested.
3. Under the "Configurations" and then "Cipher Suites" section, verify that communications are restricted to NIST FIPS-validated cryptography to implement encryption services as defined at https://www.nist.gov/publications/guidelines-selection-configuration-and-use-transport-layer-security-tls-implementations?pub_id=915295.
If the cipher suites include non-NIST FIPS-validated cryptography, this is a finding.
M
3165