STIGQter: STIG Summary: Akamai KSD Service Impact Level 2 ALG Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 12 Sep 2017

Kona Site Defender providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when threats identified by authoritative sources (e.g., IAVMs or CTOs) are detected.

DISA Rule

SV-91143r1_rule

Vulnerability Number

V-76447

Group Title

SRG-NET-000392-ALG-000142

Rule Version

AKSD-WF-000035

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure Kona Site Defender to alert the ISSO, ISSM, and SA when detection events occur:

1. Log in to the Akamai Luna Portal (https://control.akamai.com).
2. Click the "Monitor" tab.
3. Under the "Security" section select "Security Monitor".
4. Click the "Notification" button (an icon shaped like a triangle with an exclamation point on the inside).
5. Click the "Configure Notification" button shaped like a plus sign.
6. Click the "Add Notification" button shaped like a plus sign.
7. Click the "Show Advanced View" link.
8. Set the "Notification Name" to "WAF Activity Mitigated".
9. Enter a more detailed description in the "Description" text box.
10. Set the priority to "high".
11. In the "Notify When:" section, set "Mitigated" to greater than (>) "1".
12. Set the "Apply Filter:" dropdowns to "Host Name" and "Contains", and enter the applicable host name in the text box.
13. Set "During:" to "1 Minute".
14. Set "Notify After:" to "1" occurrences.
15. Select the "Host Name" check box in the "For:" area.
16. Add the ISSO and ISSM emails to the "Email to:" field.
17. Click the "Save" button.

Check Contents

Confirm Kona Site Defender is configured to alert the ISSO, ISSM, and SA when detection events occur:

1. Log in to the Akamai Luna Portal (https://control.akamai.com).
2. Click the "Monitor" tab.
3. Under the "Security" section select "Security Monitor".
4. Click the "Notification" button (an icon shaped like a triangle with an exclamation point on the inside).
5. Click the "Configure Notification" button shaped like a plus sign.
6. Confirm that notifications are being sent when "Mitigated" is greater than (>) "1".

If the alerts are not being sent, this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3165

Comments