Check: AADC-NM-000142
A10 Networks ADC NDM STIG: AADC-NM-000142 (in version v1 r1)
Title
The A10 Networks ADC must use DoD-approved PKI rather than proprietary or self-signed device certificates. (Cat II impact)
Discussion
For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this Certification Authority will suffice.
Check Content
Review the device configuration. This can be checked using the GUI: Log on to the device and navigate to Config >> System >> Settings >> Web Certificate. In the certificate pane, view the issuer information. If each certificate is not issued by an approved service provider, this is a finding.
Fix Text
Only import public key certificates from an appropriate certificate policy through an approved service provider. Use the commands "import ssl-cert" and "import ssl-key" or "slb ssl-load" to import SSL certificates and keys.
Additional Identifiers
Rule ID: SV-82589r1_rule
Vulnerability ID: V-68099
Group Title: SRG-APP-000516-NDM-000344
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
CCI-001159 | The organization issues public key certificates under an organization-defined certificate policy or obtains public key certificates from an approved service provider. |