Checked | Name | Title |
---|---|---|
☐ | SV-82521r1_rule | The A10 Networks ADC must limit the number of concurrent sessions to one (1) for each administrator account and/or administrator account type. |
☐ | SV-82523r1_rule | The A10 Networks ADC must enforce the limit of three consecutive invalid logon attempts. |
☐ | SV-82525r1_rule | The A10 Networks ADC must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device. |
☐ | SV-82527r1_rule | The A10 Networks ADC must allow only the ISSM (or individuals or roles appointed by the ISSM) Root, Read Write, or Read Only privileges. |
☐ | SV-82529r1_rule | The A10 Networks ADC must produce audit log records containing information (FQDN, unique hostname, management or loopback IP address) to establish the source of events. |
☐ | SV-82531r1_rule | The A10 Networks ADC must have command auditing enabled. |
☐ | SV-82533r1_rule | The A10 Networks ADC must alert the ISSO and SA (at a minimum) in the event of an audit processing failure. |
☐ | SV-82535r1_rule | The A10 Networks ADC must back up audit records at least every seven days onto a different system or system component than the system or component being audited. |
☐ | SV-82537r1_rule | The A10 Networks ADC must disable management protocol access to all interfaces except the management interface. |
☐ | SV-82539r1_rule | The A10 Networks ADC must not have any shared accounts (other than the emergency administration account). |
☐ | SV-82541r1_rule | The A10 Networks ADC must not use the default admin account. |
☐ | SV-82543r1_rule | The A10 Networks ADC must implement replay-resistant authentication mechanisms for network access to privileged accounts. |
☐ | SV-82545r1_rule | The A10 Networks ADC must prohibit the use of unencrypted protocols for network access to privileged accounts. |
☐ | SV-82547r1_rule | The A10 Networks ADC must terminate management sessions after 10 minutes of inactivity except to fulfill documented and validated mission requirements. |
☐ | SV-82549r1_rule | The A10 Networks ADC must reveal error messages only to authorized individuals (ISSO, ISSM, and SA). |
☐ | SV-82551r1_rule | The A10 Networks ADC must generate alerts to the administrators and ISSO when accounts are created. |
☐ | SV-82553r1_rule | The A10 Networks ADC must generate alerts to the administrators and ISSO when accounts are modified. |
☐ | SV-82555r1_rule | The A10 Networks ADC must generate alerts to the administrators and ISSO when accounts are disabled. |
☐ | SV-82557r1_rule | The A10 Networks ADC must generate alerts to the administrators and ISSO when accounts are removed. |
☐ | SV-82559r1_rule | When anyone who has access to the emergency administration account no longer requires access to it or leaves the organization, the password for the emergency administration account must be changed. |
☐ | SV-82561r1_rule | The A10 Networks ADC must notify System Administrators (SAs) and Information System Security Officers (ISSMs) when accounts are created, or enabled when previously disabled. |
☐ | SV-82563r1_rule | The A10 Networks ADC must automatically lock the account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded. |
☐ | SV-82565r1_rule | The A10 Networks ADC must send Emergency messages to the Console, Syslog, and Monitor. |
☐ | SV-82567r1_rule | The A10 Networks ADC must compare internal information system clocks at least every 24 hours with an authoritative time server. |
☐ | SV-82569r1_rule | The A10 Networks ADC must synchronize internal information system clocks to the authoritative time source when the time difference is greater than one second. |
☐ | SV-82571r1_rule | The A10 Networks ADC must be configured to synchronize internal information system clocks with the primary and secondary time sources located in different geographic regions using redundant authoritative time sources. |
☐ | SV-82573r1_rule | The A10 Networks ADC must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT). |
☐ | SV-82575r1_rule | The A10 Networks ADC must authenticate Network Time Protocol sources. |
☐ | SV-82577r1_rule | Operators of the A10 Networks ADC must not use the Telnet client built into the device. |
☐ | SV-82579r1_rule | The A10 Networks ADC must not use SNMP Versions 1 or 2. |
☐ | SV-82581r1_rule | The A10 Networks ADC must off-load audit records onto a different system or media than the system being audited. |
☐ | SV-82583r1_rule | The A10 Networks ADC must not use the default enable password. |
☐ | SV-82585r1_rule | The A10 Networks ADC must only allow the use of secure protocols that implement cryptographic mechanisms to protect the integrity of maintenance and diagnostic communications for nonlocal maintenance sessions. |
☐ | SV-82587r1_rule | The A10 Networks ADC must restrict management connections to the management network. |
☐ | SV-82589r1_rule | The A10 Networks ADC must use DoD-approved PKI rather than proprietary or self-signed device certificates. |
☐ | SV-82591r1_rule | The A10 Networks ADC must use automated mechanisms to alert security personnel to threats identified by authoritative sources (e.g., CTOs) and IAW CJCSM 6510.01B. |
☐ | SV-82593r1_rule | The A10 Networks ADC must employ centrally managed authentication server(s). |