Checked | Name | Title |
---|---|---|
☐ | SV-237032r639543_rule | The A10 Networks ADC, when used for TLS encryption and decryption, must be configured to comply with the required TLS settings in NIST SP 800-52. |
☐ | SV-237033r639546_rule | The A10 Networks ADC, when used to load balance web applications, must enable external logging for accessing Web Application Firewall data event messages. |
☐ | SV-237034r639549_rule | The A10 Networks ADC must send an alert to, at a minimum, the ISSO and SCA when connectivity to the Syslog servers is lost. |
☐ | SV-237035r639552_rule | The A10 Networks ADC must not have unnecessary scripts installed. |
☐ | SV-237036r639555_rule | The A10 Networks ADC must use DNS Proxy mode when Global Server Load Balancing is used. |
☐ | SV-237037r639558_rule | The A10 Networks ADC must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the PPSM CAL and vulnerability assessments. |
☐ | SV-237038r639561_rule | The A10 Networks ADC when used for TLS encryption and decryption must validate certificates used for TLS functions by performing RFC 5280-compliant certification path validation. |
☐ | SV-237039r639564_rule | The A10 Networks ADC must not have any unnecessary or unapproved virtual servers configured. |
☐ | SV-237040r639567_rule | The A10 Networks ADC, when used to load balance web applications, must strip HTTP response headers. |
☐ | SV-237041r639570_rule | The A10 Networks ADC, when used to load balance web applications, must replace response codes. |
☐ | SV-237042r639573_rule | To protect against data mining, the A10 Networks ADC must detect and prevent SQL and other code injection attacks launched against data storage objects, including, at a minimum, databases, database records, queries, and fields. |
☐ | SV-237043r639576_rule | To protect against data mining, the A10 Networks ADC must detect and prevent code injection attacks launched against application objects including, at a minimum, application URLs and application code. |
☐ | SV-237044r639579_rule | To protect against data mining, the A10 Networks ADC providing content filtering must prevent SQL injection attacks launched against data storage objects, including, at a minimum, databases, database records, and database fields. |
☐ | SV-237045r639582_rule | To protect against data mining, the A10 Networks ADC providing content filtering must detect code injection attacks from being launched against data storage objects, including, at a minimum, databases, database records, queries, and fields. |
☐ | SV-237046r639585_rule | To protect against data mining, the A10 Networks ADC providing content filtering must detect SQL injection attacks launched against data storage objects, including, at a minimum, databases, database records, and database fields. |
☐ | SV-237047r639588_rule | To protect against data mining, the A10 Networks ADC providing content filtering as part of its intermediary services must detect code injection attacks launched against application objects including, at a minimum, application URLs and application code. |
☐ | SV-237048r639591_rule | The A10 Networks ADC being used for TLS encryption and decryption using PKI-based user authentication must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certificate Authorities (CAs) for the establishment of protected sessions. |
☐ | SV-237049r639594_rule | The A10 Networks ADC must protect against TCP and UDP Denial of Service (DoS) attacks by employing Source-IP based connection-rate limiting. |
☐ | SV-237050r639597_rule | The A10 Networks ADC must implement load balancing to limit the effects of known and unknown types of Denial of Service (DoS) attacks. |
☐ | SV-237051r639600_rule | The A10 Networks ADC must enable DDoS filters. |
☐ | SV-237052r639603_rule | The A10 Networks ADC, when used to load balance web applications, must examine incoming user requests against the URI White Lists. |
☐ | SV-237053r639606_rule | The A10 Networks ADC, when used to load balance web applications, must enable external logging for WAF data event messages. |
☐ | SV-237054r639609_rule | The A10 Networks ADC must enable logging for packet anomaly events. |
☐ | SV-237055r639612_rule | The A10 Networks ADC must generate an alert to, at a minimum, the ISSO and ISSM when threats identified by authoritative sources (e.g., IAVMs or CTOs) are detected. |
☐ | SV-237056r639615_rule | The A10 Networks ADC must enable logging of Denial of Service (DoS) attacks. |
☐ | SV-237057r639618_rule | The A10 Networks ADC, when used for load-balancing web servers, must not allow the HTTP TRACE and OPTIONS methods. |
☐ | SV-237058r639621_rule | The A10 Networks ADC must reveal error messages only to authorized individuals (ISSO, ISSM, and SA). |
☐ | SV-237059r639624_rule | The A10 Networks ADC must, at a minimum, off-load audit log records onto a centralized log server. |
☐ | SV-237060r639627_rule | The A10 Networks ADC, when used for load balancing web servers, must deploy the WAF in active mode. |
☐ | SV-237061r639630_rule | If the Data Owner requires it, the A10 Networks ADC must be configured to perform CCN Mask, SSN Mask, and PCRE Mask Request checks. |
☐ | SV-237062r639633_rule | The A10 Networks ADC must protect against ICMP-based Denial of Service (DoS) attacks by employing ICMP Rate Limiting. |
☐ | SV-237063r639636_rule | The A10 Networks ADC must protect against TCP SYN floods by using TCP SYN Cookies. |
☐ | SV-237064r639639_rule | The A10 Networks ADC must be a FIPS-compliant version. |