STIGQter STIGQter: STIG Summary: Akamai KSD Service Impact Level 2 ALG Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 12 Sep 2017: Kona Site Defender providing user authentication intermediary services using PKI-based user authentication must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of protected sessions.

DISA Rule

SV-91129r1_rule

Vulnerability Number

V-76433

Group Title

SRG-NET-000355-ALG-000117

Rule Version

AKSD-WF-000025

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure Kona Site Defender to accept only end entity certificates issued by DoD PKI or DoD-approved PKI CAs for the establishment of protected sessions:

Contact the Akamai Professional Services team to implement the changes at 1-877-4-AKATEC (1-877-425-2832).

Check Contents

If Kona Site Defender is providing user authentication intermediary services, confirm that it accepts only end entity certificates issued by DoD PKI or DoD-approved PKI CAs for the establishment of protected sessions:

Contact the Akamai Professional Services team to confirm accepted certificate authorities at 1-877-4-AKATEC (1-877-425-2832).

If the Akamai Professional Services team confirms that the list of accepted certificate authorities is not issued by DoD-approved PKI certification authorities, this is a finding.

Vulnerability Number

V-76433

Documentable

False

Rule Version

AKSD-WF-000025

Severity Override Guidance

If Kona Site Defender is providing user authentication intermediary services, confirm that it accepts only end entity certificates issued by DoD PKI or DoD-approved PKI CAs for the establishment of protected sessions:

Contact the Akamai Professional Services team to confirm accepted certificate authorities at 1-877-4-AKATEC (1-877-425-2832).

If the Akamai Professional Services team confirms that the list of accepted certificate authorities is not issued by DoD-approved PKI certification authorities, this is a finding.

Check Content Reference

M

Target Key

3165

Comments