STIGQter: STIG Summary: Akamai KSD Service Impact Level 2 ALG Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 12 Sep 2017

Kona Site Defender providing encryption intermediary services must use NIST FIPS-validated cryptography to implement encryption services.

DISA Rule

SV-91127r1_rule

Vulnerability Number

V-76431

Group Title

SRG-NET-000510-ALG-000111

Rule Version

AKSD-WF-000024

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure Kona Site Defender to allow only NIST FIPS-validated cryptography to implement encryption services.

Contact the Akamai Professional Services team at 1-877-4-AKATEC (1-877-425-2832) to implement the changes.

Check Contents

Confirm Kona Site Defender only allows NIST SP 800-52 TLS settings:

1. Navigate to the Qualys SSL Scanner: https://www.ssllabs.com/ssltest/analyze.html
2. Enter the hostname being tested into the scanner.
3. In the "Configurations" section, under "Cipher Suites", verify that the encryption services are restricted to NIST FIPS-validated cryptography as defined at https://www.nist.gov/publications/guidelines-selection-configuration-and-use-transport-layer-security-tls-implementations?pub_id=915295.

If the cipher suites include non-NIST FIPS-validated cryptography, this is a finding.
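
The cipher-suite review in step 3, as an added Python example (not part of the STIG, and not Akamai or Qualys tooling): it pulls suite names out of text copied from the scanner's "Cipher Suites" listing and flags any whose key exchange, cipher or hash falls outside an allowlist. The allowlist, the sample lines and the function names are assumptions made for this example; suite names reveal algorithms only and do not establish that the underlying cryptographic module is FIPS-validated.

```python
import re
# Assumption (added example, not the STIG's list): tokens treated as FIPS-approved.
# Reconcile with the SP 800-52 revision you assess against; 3DES is left out here.
APPROVED_KEX = {"RSA", "DHE_RSA", "DHE_DSS", "ECDHE_RSA", "ECDHE_ECDSA",
                "DH_RSA", "DH_DSS", "ECDH_RSA", "ECDH_ECDSA"}
APPROVED_CIPHERS = {"AES_128_CBC", "AES_256_CBC", "AES_128_GCM", "AES_256_GCM",
                    "AES_128_CCM", "AES_256_CCM", "AES_128_CCM_8", "AES_256_CCM_8"}
APPROVED_HASHES = {"SHA", "SHA256", "SHA384"}

def split_suite(name):
    """Split an IANA suite name into (key exchange, cipher, hash)."""
    body = name.upper()[len("TLS_"):]
    # TLS 1.3 names carry no key exchange and no "_WITH_".
    kex, sep, rest = body.partition("_WITH_")
    if not sep:
        kex, rest = None, body
    # TLS 1.2 CCM suites end at the cipher token, with no hash suffix.
    if rest.endswith(("_CCM", "_CCM_8")):
        return kex, rest, None
    cipher, _, mac = rest.rpartition("_")
    return kex, cipher, mac

def review_suite(name):
    """Return the reasons a suite fails the allowlist (empty list = passes)."""
    kex, cipher, mac = split_suite(name)
    reasons = []
    if kex is not None and kex not in APPROVED_KEX:
        reasons.append("key exchange " + kex)
    if cipher not in APPROVED_CIPHERS:
        reasons.append("cipher " + cipher)
    if mac is not None and mac not in APPROVED_HASHES:
        reasons.append("hash " + mac)
    return reasons

def findings(scan_text):
    """Map each flagged suite found in pasted scanner text to its reasons."""
    names = re.findall(r"\bTLS_[A-Za-z0-9_]+", scan_text)
    return {n: r for n in names if (r := review_suite(n))}

# Constructed sample: lines shaped like a scanner's "Cipher Suites" listing.
SAMPLE = """
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)  ECDH secp256r1  FS  128
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)  ECDH x25519  FS  256
TLS_RSA_WITH_RC4_128_SHA (0x5)  INSECURE  128
TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x3)  INSECURE  40
"""

if __name__ == "__main__":
    print("\n".join(f"FINDING {s}: {', '.join(r)}" for s, r in findings(SAMPLE).items()))
```

Any suite the function reports maps to the "this is a finding" condition of the check; an empty result still needs the module's validation status confirmed separately.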

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3165

Comments