STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

A10 Networks ADC NDM Security Technical Implementation Guide

Version: V1R2
Benchmark ID: A10_Networks_ADC_NDM_STIG
Total Checks: 38
Tags: network
CAT I: 6, CAT II: 24, CAT III: 8

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Checks (38)

  • V-255587 (MEDIUM) The A10 Networks ADC must limit the number of concurrent sessions to one (1) for each administrator account and/or administrator account type.
  • V-255588 (MEDIUM) The A10 Networks ADC must enforce the limit of three consecutive invalid logon attempts.
  • V-255589 (LOW) The A10 Networks ADC must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.
  • V-255590 (MEDIUM) The A10 Networks ADC must allow only the ISSM (or individuals or roles appointed by the ISSM) Root, Read Write, or Read Only privileges.
  • V-255591 (LOW) The A10 Networks ADC must produce audit log records containing information (FQDN, unique hostname, management or loopback IP address) to establish the source of events.
  • V-255592 (LOW) The A10 Networks ADC must have command auditing enabled.
  • V-255593 (LOW) The A10 Networks ADC must alert the ISSO and SA (at a minimum) in the event of an audit processing failure.
  • V-255594 (LOW) The A10 Networks ADC must back up audit records at least every seven days onto a different system or system component than the system or component being audited.
  • V-255595 (MEDIUM) The A10 Networks ADC must disable management protocol access to all interfaces except the management interface.
  • V-255596 (MEDIUM) The A10 Networks ADC must not have any shared accounts (other than the emergency administration account).
  • V-255597 (HIGH) The A10 Networks ADC must not use the default admin account.
  • V-255598 (MEDIUM) The A10 Networks ADC must implement replay-resistant authentication mechanisms for network access to privileged accounts.
  • V-255599 (MEDIUM) The A10 Networks ADC must prohibit the use of unencrypted protocols for network access to privileged accounts.
  • V-255600 (HIGH) The A10 Networks ADC must terminate management sessions after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
  • V-255601 (MEDIUM) The A10 Networks ADC must reveal error messages only to authorized individuals (ISSO, ISSM, and SA).
  • V-255602 (HIGH) The A10 Networks ADC must generate alerts to the administrators and ISSO when accounts are created.
  • V-255603 (MEDIUM) The A10 Networks ADC must generate alerts to the administrators and ISSO when accounts are modified.
  • V-255604 (MEDIUM) The A10 Networks ADC must generate alerts to the administrators and ISSO when accounts are disabled.
  • V-255605 (MEDIUM) The A10 Networks ADC must generate alerts to the administrators and ISSO when accounts are removed.
  • V-255606 (MEDIUM) When anyone who has access to the emergency administration account no longer requires access to it or leaves the organization, the password for the emergency administration account must be changed.
  • V-255607 (MEDIUM) The A10 Networks ADC must notify System Administrators (SAs) and Information System Security Officers (ISSMs) when accounts are created, or enabled when previously disabled.
  • V-255608 (MEDIUM) The A10 Networks ADC must automatically lock the account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded.
  • V-255609 (LOW) The A10 Networks ADC must send Emergency messages to the Console, Syslog, and Monitor.
  • V-255610 (LOW) The A10 Networks ADC must compare internal information system clocks at least every 24 hours with an authoritative time server.
  • V-255611 (LOW) The A10 Networks ADC must synchronize internal information system clocks to the authoritative time source when the time difference is greater than one second.
  • V-255612 (MEDIUM) The A10 Networks ADC must be configured to synchronize internal information system clocks with the primary and secondary time sources located in different geographic regions using redundant authoritative time sources.
  • V-255613 (MEDIUM) The A10 Networks ADC must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).
  • V-255614 (MEDIUM) The A10 Networks ADC must authenticate Network Time Protocol sources.
  • V-255615 (MEDIUM) Operators of the A10 Networks ADC must not use the Telnet client built into the device.
  • V-255616 (HIGH) The A10 Networks ADC must not use SNMP Versions 1 or 2.
  • V-255617 (MEDIUM) The A10 Networks ADC must off-load audit records onto a different system or media than the system being audited.
  • V-255618 (MEDIUM) The A10 Networks ADC must use automated mechanisms to alert security personnel to threats identified by authoritative sources (e.g., CTOs) and IAW CJCSM 6510.01B.
  • V-255619 (MEDIUM) The A10 Networks ADC must employ centrally managed authentication server(s).
  • V-255620 (MEDIUM) The A10 Networks ADC must use DoD-approved PKI rather than proprietary or self-signed device certificates.
  • V-255621 (MEDIUM) The A10 Networks ADC must restrict management connections to the management network.
  • V-255622 (MEDIUM) The A10 Networks ADC must only allow the use of secure protocols that implement cryptographic mechanisms to protect the integrity of maintenance and diagnostic communications for nonlocal maintenance sessions.
  • V-255623 (HIGH) The A10 Networks ADC must not use the default enable password.
  • V-264426 (HIGH) The A10 Networks NDM must be using a version supported by the vendor.