STIGs Search Compare About

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
Compare Versions

Resources

About
VPAT
DISA STIG Library

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← Back to STIGs

Akamai KSD Service Impact Level 2 ALG Security Technical Implementation Guide

Version

V1R1

Benchmark ID

Akamai_KSD_Service_IL2_ALG_STIG

Total Checks

33

Tags

other

CAT I: 7CAT II: 24CAT III: 2

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKL Export CSV Export JSON

Checks (33)

V-76391HIGHKona Site Defender must immediately use updates made to policy enforcement mechanisms to enforce that all traffic flows over HTTPS port 443.V-76393HIGHKona Site Defender must immediately apply updates to the Kona Rule Set to block designated traffic of interest in response to new or emerging threats.V-76395MEDIUMKona Site Defender must immediately use updates made to policy enforcement mechanisms to block traffic from organizationally defined geographic regions.V-76397MEDIUMKona Site Defender must immediately use updates made to policy enforcement mechanisms to block traffic from organizationally defined IP addresses (i.e., IP blacklist).V-76399MEDIUMKona Site Defender must immediately use updates made to policy enforcement mechanisms to allow traffic from organizationally defined IP addresses (i.e., IP whitelist).V-76401HIGHKona Site Defender that provides intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52.V-76403MEDIUMTo protect against data mining, Kona Site Defender providing content filtering must prevent code injection attacks from being launched against data storage objects, including, at a minimum, databases, database records, queries, and fields.V-76405MEDIUMTo protect against data mining, Kona Site Defender providing content filtering must prevent code injection attacks launched against application objects including, at a minimum, application URLs and application code.V-76407MEDIUMTo protect against data mining, Kona Site Defender providing content filtering must prevent SQL injection attacks launched against data storage objects, including, at a minimum, databases, database records, and database fields.V-76409MEDIUMTo protect against data mining, Kona Site Defender providing content filtering must detect code injection attacks launched against data storage objects, including, at a minimum, databases, database records, queries, and fields.V-76411MEDIUMTo protect against data mining, Kona Site Defender providing content filtering must detect SQL injection attacks launched against data storage objects, including, at a minimum, databases, database records, and database fields.V-76413MEDIUMTo protect against data mining, Kona Site Defender providing content filtering as part of its intermediary services must detect code injection attacks launched against application objects including, at a minimum, application URLs and application code.V-76415MEDIUMKona Site Defender must off-load audit records onto a centralized log server.V-76417LOWKona Site Defender must off-load audit records onto a centralized log server in real time.V-76419MEDIUMKona Site Defender must not strip origin-defined HTTP session headers.V-76421MEDIUMKona Site Defender providing content filtering must protect against known and unknown types of denial-of-service (DoS) attacks by employing rate-based attack prevention behavior analysis.V-76423MEDIUMKona Site Defender providing content filtering must protect against known types of denial-of-service (DoS) attacks by employing signatures.V-76425MEDIUMKona Site Defender that provides intermediary services for HTTP must inspect inbound and outbound HTTP traffic for protocol compliance and protocol anomalies.V-76427HIGHKona Site Defender providing encryption intermediary services must implement NIST FIPS-validated cryptography to generate cryptographic hashes.V-76429MEDIUMKona Site Defender providing encryption intermediary services must implement NIST FIPS-validated cryptography for digital signatures.V-76431HIGHKona Site Defender providing encryption intermediary services must use NIST FIPS-validated cryptography to implement encryption services.V-76433HIGHKona Site Defender providing user authentication intermediary services using PKI-based user authentication must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of protected sessions.V-76435MEDIUMKona Site Defender providing content filtering must update malicious code protection mechanisms and signature definitions whenever new releases are available in accordance with organizational configuration management policy and procedures.V-76437MEDIUMKona Site Defender providing content filtering must block malicious code upon detection.V-76439MEDIUMKona Site Defender providing content filtering must send an immediate (within seconds) alert to the system administrator, at a minimum, in response to malicious code detection.V-76441LOWKona Site Defender providing content filtering must be configured to integrate with a system-wide intrusion detection system.V-76443MEDIUMKona Site Defender providing content filtering must continuously monitor inbound communications traffic crossing internal security boundaries for unusual or unauthorized activities or conditions.V-76445MEDIUMKona Site Defender providing content filtering must send an alert to, at a minimum, the ISSO and ISSM when detection events occur.V-76447MEDIUMKona Site Defender providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when threats identified by authoritative sources (e.g., IAVMs or CTOs) are detected.V-76449MEDIUMKona Site Defender providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when denial-of-service (DoS) incidents are detected.V-76451MEDIUMKona Site Defender must check the validity of all data inputs except those specifically identified by the organization.V-76453HIGHKona Site Defender must reveal error messages only to the ISSO, ISSM, and SCA.V-76455MEDIUMKona Site Defender must only allow incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations.