
The A10 Networks ADC must use DoD-approved PKI rather than proprietary or self-signed device certificates.


Overview

Finding ID: V-68099
Version: AADC-NM-000142
Rule ID: SV-82589r1_rule
IA Controls:
Severity: Medium
Description
For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this Certification Authority will suffice.
STIG: A10 Networks ADC NDM Security Technical Implementation Guide
Date: 2016-04-15

Details

Check Text (C-68659r1_chk)
Review the device configuration.

This can be checked using the GUI:
Log on to the device and navigate to Config >> System >> Settings >> Web Certificate.

In the certificate pane, view the issuer information.

If each certificate is not issued by an approved service provider, this is a finding.
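
The same issuer review can be scripted once the web certificate has been exported from the device to a PEM file. The following is an added example, not part of the STIG or of A10 documentation; it goes one step beyond reading the issuer name by also verifying the signature chain against a CA bundle. The function names, file names and the test CA are assumptions constructed for illustration, and the bundle of approved CAs must come from your organization.

```shell
#!/bin/sh
# Added example (not from the STIG): classify an exported device certificate.
# Verdicts: SELF_SIGNED, UNAPPROVED_ISSUER, APPROVED, UNREADABLE.
# Requires the openssl command-line tool.

# dn FIELD CERT: print the "subject" or "issuer" name in RFC 2253 form.
dn() {
    out=$(openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 2>/dev/null) || return 2
    out=${out#"$1"=}          # drop the "subject=" / "issuer=" label
    printf '%s\n' "${out# }"  # some OpenSSL releases print a space after the label
}

# classify_cert CERT_PEM APPROVED_CA_BUNDLE_PEM
classify_cert() {
    subject=$(dn subject "$1") || { echo UNREADABLE; return 2; }
    issuer=$(dn issuer "$1")   || { echo UNREADABLE; return 2; }
    echo "issuer: $issuer" >&2      # the value the GUI check asks you to review
    if [ "$subject" = "$issuer" ]; then
        echo SELF_SIGNED            # certificate names itself as issuer: a finding
    elif openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
        echo APPROVED               # signature chains to a CA in the bundle
    else
        echo UNAPPROVED_ISSUER      # chain does not verify, whatever the name says
    fi
}

# make_constructed_certs DIR: constructed sample input for trying the check
# (a throwaway test CA, a certificate it issued, and a self-signed certificate).
make_constructed_certs() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -keyout "$d/ca.key" \
        -out "$d/ca.pem" -subj "/O=Constructed Test Org/CN=Constructed Test CA" >/dev/null 2>&1 &&
    openssl req -newkey rsa:2048 -nodes -keyout "$d/dev.key" \
        -out "$d/dev.csr" -subj "/O=Constructed Test Org/CN=adc.example.test" >/dev/null 2>&1 &&
    openssl x509 -req -in "$d/dev.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 2 -out "$d/issued.pem" >/dev/null 2>&1 &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -keyout "$d/self.key" \
        -out "$d/self.pem" -subj "/CN=adc.example.test" >/dev/null 2>&1
}
```

Any verdict other than APPROVED corresponds to a finding under this check. The subject and issuer comparison is a name match only, so the chain verification is what actually ties the certificate to an approved CA.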

Fix Text (F-74213r1_fix)
Only import public key certificates from an appropriate certificate policy through an approved service provider.

Use the commands "import ssl-cert" and "import ssl-key" or "slb ssl-load" to import SSL certificates and keys.