STIGQter: STIG Summary: Akamai KSD Service Impact Level 2 ALG Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 12 Sep 2017:

Kona Site Defender must reveal error messages only to the ISSO, ISSM, and SCA.

DISA Rule

SV-91149r1_rule

Vulnerability Number

V-76453

Group Title

SRG-NET-000402-ALG-000130

Rule Version

AKSD-WF-000039

Severity

CAT I

CCI(s)

• CCI-001314 - The information system reveals error messages only to organization-defined personnel or roles.

Weight

10

Fix Recommendation

Ensure that only authorized personnel have access to the Kona Site Defender portal (Luna):

1. Log in to the Akamai Luna Portal (https://control.akamai.com).
2. Select "Configure" and then "Manage Users & Groups".
3. Select the "Users" tab.
4. Add the correct personnel by clicking the "Create a New User" button or remove existing users by clicking the gear icon next to their entry and selecting "Delete this user".

Check Contents

Verify that only authorized personnel have access to the Kona Site Defender portal (Luna):

1. Log in to the Akamai Luna Portal (https://control.akamai.com).
2. Select "Configure" and then "Manage Users & Groups".
3. Select the "Roles" tab.
4. Review the personnel list and their current roles.

If non-privileged users can perform privileged functions, this is a finding.

Vulnerability Number

V-76453

Documentable

False

Rule Version

AKSD-WF-000039

Severity Override Guidance

Verify that only authorized personnel have access to the Kona Site Defender portal (Luna):

1. Log in to the Akamai Luna Portal (https://control.akamai.com).
2. Select "Configure" and then "Manage Users & Groups".
3. Select the "Roles" tab.
4. Review the personnel list and their current roles.

If non-privileged users can perform privileged functions, this is a finding.

Check Content Reference

M

Target Key

3165

Comments