STIGQter: STIG Summary: A10 Networks ADC ALG Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021

If the Data Owner requires it, the A10 Networks ADC must be configured to perform CCN Mask, SSN Mask, and PCRE Mask Request checks.

DISA Rule

SV-237061r639630_rule

Vulnerability Number

V-237061

Group Title

SRG-NET-000512-ALG-000062

Rule Version

AADC-AG-000154

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Review the system or enclave documentation and confer with the data owner(s) if necessary. If any data must be masked before it leaves the enclave (such as credit card numbers, Social Security numbers, or other sensitive information), configure the CCN Mask, SSN Mask, and PCRE Mask Request checks.

These checks are applied to a WAF template.

The following command replaces all but the last four digits of credit card numbers with an “x” character:
ccn-mask

The following command replaces all but the last four digits of US Social Security numbers with an “x” character:
ssn-mask

The following command cloaks patterns in a response that match the specified PCRE pattern:
pcre-scrub [pcre-pattern] [keep-end [num-length] |keep-start [num-length] |mask [character]]

Check Contents

Review the device configuration and ask the device Administrator which templates are used for masking sensitive data.

The following command displays the configuration and filters the output on the WAF template section:
show run | sec slb template waf

If there is no WAF template with the required Mask Request checks, this is a finding.
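
The check above can be run against saved output of the show command. The following is an added example, not part of the STIG or of A10's tooling: it parses that output and reports whether any WAF template carries every check the data owner requires. The sample output, its template names, and the assumed layout (a top-level "slb template waf <name>" line followed by indented sub-commands) are constructed for illustration.

```python
import re

# Check keywords as named in this rule's Fix Recommendation.
MASK_CHECKS = ("ccn-mask", "ssn-mask", "pcre-scrub")

# Constructed sample of `show run | sec slb template waf` output.
# Template names and the "other-setting" line are hypothetical placeholders.
SAMPLE_OUTPUT = """\
slb template waf payments-waf
  ccn-mask
  ssn-mask
  pcre-scrub [0-9]{9} keep-end 4
slb template waf intranet-waf
  ssn-mask
slb template waf legacy-waf
  other-setting
"""


def parse_waf_templates(show_run_output):
    """Map each WAF template name to the set of mask checks it configures."""
    templates, current = {}, None
    for raw in show_run_output.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():
            # A top-level line either opens a WAF template or ends the section.
            header = re.match(r"slb template waf (\S+)\s*$", raw)
            current = header.group(1) if header else None
            if current:
                templates[current] = set()
        elif current:
            # Only the first token counts, so "no ccn-mask" is not a match.
            keyword = raw.split()[0]
            if keyword in MASK_CHECKS:
                templates[current].add(keyword)
    return templates


def audit(show_run_output, required):
    """Return (is_finding, compliant_templates) for the required checks."""
    required = set(required)
    templates = parse_waf_templates(show_run_output)
    compliant = sorted(n for n, c in templates.items() if required <= c)
    # Per the check text: no template with the required checks is a finding.
    return (not compliant, compliant)


if __name__ == "__main__":
    finding, ok = audit(SAMPLE_OUTPUT, {"ccn-mask", "ssn-mask"})
    print("FINDING" if finding else "not a finding", ok)
```

The script only confirms that the checks are present in a template. Which templates are actually used for masking sensitive data still has to be confirmed with the device Administrator, as the check requires.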

Documentable

False

Severity Override Guidance

Review the device configuration and ask the device Administrator which templates are used for masking sensitive data.

The following command displays the configuration and filters the output on the WAF template section:
show run | sec slb template waf

If there is no WAF template with the required Mask Request checks, this is a finding.

Check Content Reference

M

Target Key

5285
