Verify that the activity log is showing user login data: 1. Log in to the Luna Portal. 2. Verify that one of the four widgets includes the activity log. If the activity log is not showing, this is a finding.
Configure the activity log to appear in the "My Akamai" section. 1. Select the gear icon on one of the four widgets. 2. Select the activity log in the left column. 3. Check the box for "All Logins".
Verify the activity log is showing user login data: 1. Log in to the Luna Portal. 2. Verify that one of the four widgets includes the activity log. If the activity log is not showing, this is a finding.
Configure the activity log to appear in the "My Akamai" section. 1. Select the gear icon on one of the four widgets. 2. Select the activity log in the left column. 3. Check the box for "All Logins".
Verify that all portal users have the session timeout duration set to 15 minutes: 1. Log in to the Luna Portal as an administrator. 2. Select Configure >> Manage Users & Groups. 3. Select each administrator and inspect the "Timeout" setting to verify it reads "After 15 Minutes". 4. Click the "Save" button. If any user has a "Timeout" value other than "After 15 Minutes", this is a finding.
Configure the session timeout duration to 15 minutes: 1. Log in to the Luna Portal as an administrator. 2. Select Configure >> Manage Users & Groups. 3. Select each user and set the "Timeout" value to "After 15 Minutes".
Verify that the portal is sending Luna Event notifications: 1. Log in to the Luna Portal as an administrator. 2. Select Configure >> Alerts. 3. Search/filter for "Luna Control Center Event". 4. Click the "Settings" button and click on the "Properties" tab. 5. Verify that the following setting is selected: "Manage - Manage Users". If the Luna Control Center event notifications are not enabled, this is a finding.
Enable account creation alerting: 1. Log in to the Luna Portal as an administrator. 2. Select Configure >> Alerts. 3. Search/filter for "Luna Control Center Event". 4. Click the "Settings" button and click on the "Properties" tab. 5. Select "Manage - Manage Users".
Verify that the portal is sending Luna Event notifications: 1. Log in to the Luna Portal as an administrator. 2. Select Configure >> Alerts. 3. Search/filter for "Luna Control Center Event". 4. Click the "Settings" button and click on the "Properties" tab. 5. Verify that the following setting is selected: "Manage - Manage Users". If the Luna Control Center event notifications are not enabled, this is a finding.
Enable account modification alerting: 1. Log in to the Luna Portal as an administrator. 2. Select Configure >> Alerts. 3. Search/filter for "Luna Control Center Event". 4. Click the "Settings" button and click on the "Properties" tab. 5. Select "Manage - Manage Users".
Verify that the portal is sending Luna Event notifications: 1. Log in to the Luna Portal as an administrator. 2. Select Configure >> Alerts. 3. Search/filter for "Luna Control Center Event". 4. Click the "Settings" button and click on the "Properties" tab. 5. Verify that the following setting is selected: "Manage - Manage Users". If the Luna Control Center event notifications are not enabled, this is a finding.
Enable account removal alerting: 1. Log in to the Luna Portal as an administrator. 2. Select Configure >> Alerts. 3. Search/filter for "Luna Control Center Event". 4. Click the "Settings" button and click on the "Properties" tab. 5. Select "Manage - Manage Users".
Verify that the portal is sending Luna Event notifications: 1. Log in to the Luna Portal as an administrator. 2. Select Configure >> Alerts. 3. Search/filter for "Luna Control Center Event". 4. Click on "account creation". 5. Verify that the following settings are selected by clicking the "Settings" button: "Manage - Manage Users". If the Luna Control Center event notifications are not enabled, this is a finding.
Enable Luna Event notifications: 1. Log in to the Luna Portal as an administrator. 2. Select Configure >> Alerts. 3. Click the "Create New Alert" button. 4. Select "Luna Control Center Event" and press the "Next" button. 5. Check the box that reads "Manage - Manage Users". 6. Proceed through the alert creation wizard, filling out the appropriate fields, and then click "Submit". Alternatively, custom notifications can be created by using the event manager API at https://developer.akamai.com/api/luna/events/overview.html.
Verify that the portal is sending Luna Event notifications: 1. Log in to the Luna Portal as an administrator. 2. Select Configure >> Alerts. 3. Search/filter for "Luna Control Center Event". 4. Click on "account modification". 5. Verify that the following settings are selected by clicking the "Settings" button: "Manage - Manage Users". If the Luna Control Center event notifications are not enabled, this is a finding.
Enable Luna Event notifications: 1. Log in to the Luna Portal as an administrator. 2. Select Configure >> Alerts. 3. Click the "Create New Alert" button. 4. Select "Luna Control Center Event" and press the "Next" button. 5. Check the box that reads "Manage - Manage Users". 6. Proceed through the alert creation wizard, filling out the appropriate fields, and then click "Submit". Alternatively, custom notifications can be created by using the event manager API at https://developer.akamai.com/api/luna/events/overview.html.
Verify that the portal is sending Luna Event notifications: 1. Log in to the Luna Portal as an administrator. 2. Select Configure >> Alerts. 3. Search/filter for "Luna Control Center Event". 4. Click on "account removal". 5. Verify that the following settings are selected by clicking the "Settings" button: "Manage - Manage Users". If the Luna Control Center event notifications are not enabled, this is a finding.
Enable Luna Event notifications: 1. Log in to the Luna Portal as an administrator. 2. Select Configure >> Alerts. 3. Click the "Create New Alert" button. 4. Select "Luna Control Center Event" and press the "Next" button. 5. Check the box that reads "Manage - Manage Users". 6. Proceed through the alert creation wizard, filling out the appropriate fields, and then click "Submit". Alternatively, custom notifications can be created by using the event manager API at https://developer.akamai.com/api/luna/events/overview.html.
Verify that the portal is sending Luna Event notifications: 1. Log in to the Luna Portal as an administrator. 2. Select Configure >> Alerts. 3. Search/filter for "Luna Control Center Event". 4. Click on "account enabling". 5. Verify that the following settings are selected by clicking the "Settings" button: "Manage - Manage Users". If the Luna Control Center event notifications are not enabled, this is a finding.
Enable Luna Event notifications. 1. Log in to the Luna Portal as an administrator. 2. Select Configure >> Alerts. 3. Click the "Create New Alert" button. 4. Select "Luna Control Center Event" and press the "Next" button. 5. Check the box that reads "Manage - Manage Users". 6. Proceed through the alert creation wizard, filling out the appropriate fields, and then click "Submit".
Verify that the portal is sending the expected Luna Event notifications: 1. Log in to the Luna Portal as an administrator. 2. Select Configure >> Alerts. 3. Search/filter for "Luna Control Center Event". 4. Click on "account creation". 5. Verify that the following settings are selected by clicking the "Settings" button: "Manage - Manage Users". If the Luna Control Center event notifications are not enabled, this is a finding.
Enable Luna Event notifications: 1. Log in to the Luna Portal as an administrator. 2. Select Configure >> Alerts. 3. Click the "Create New Alert" button. 4. Select "Luna Control Center Event" and press the "Next" button. 5. Check the boxes for applicable alerts. 6. Proceed through the alert creation wizard, filling out the appropriate fields, and then click "Submit".
Verify that the portal is sending the expected Luna Event notifications: 1. Log in to the Luna Portal as an administrator. 2. Select Configure >> Alerts. 3. Search/filter for "Luna Control Center Event". 4. Click on "execution of privileged functions". 5. Verify that the following settings are selected by clicking the "Settings" button: "Manage - Manage Users". If the Luna Control Center event notifications are not enabled, this is a finding.
Enable Luna Event notifications: 1. Log in to the Luna Portal as an administrator. 2. Select Configure >> Alerts. 3. Click the "Create New Alert" button. 4. Select "Luna Control Center Event" and press the "Next" button. 5. Check the boxes for applicable alerts. 6. Proceed through the alert creation wizard, filling out the appropriate fields, and then click "Submit".
Verify that the portal is sending Luna Event notifications: 1. Log in to the Luna Portal as an administrator. 2. Select Configure >> Alerts. 3. Search/filter for "Luna Control Center Event". 4. Click on the DoD-defined auditable events individually. 5. Verify that the applicable events are selected by clicking the "Settings" button. If the Luna Control Center event notifications are not enabled, this is a finding.
Enable Luna Event notifications. 1. Log in to the Luna Portal as an administrator. 2. Select Configure >> Alerts. 3. Click the "Create New Alert" button. 4. Select "Luna Control Center Event" and press the "Next" button. 5. Check each of the applicable boxes for the DoD-defined auditable events. 6. Proceed through the alert creation wizard, filling out the appropriate fields, and then click "Submit".
Verify that the portal is sending Luna Event notifications: 1. Log in to the Luna Portal as an administrator. 2. Select Configure >> Alerts. 3. Search/filter for "Luna Control Center Event". 4. Click on the event name that meets the criteria above. 5. Verify that the applicable events are selected by clicking the "Settings" button. If the Luna Control Center event notifications are not enabled, this is a finding.
Enable Luna Event notifications: 1. Log in to the Luna Portal as an administrator. 2. Select Configure >> Alerts. 3. Click the "Create New Alert" button. 4. Select "Luna Control Center Event" and press the "Next" button. 5. Check the applicable boxes. 6. Proceed through the alert creation wizard, filling out the appropriate fields, and then click "Submit".
Verify the minimum 15-character length for passwords. Contact the Akamai Professional Services team to verify the changes at 1-877-4-AKATEC (1-877-425-2832). If the minimum password length is not 15 characters, this is a finding.
Open a ticket through the Akamai Customer Portal (Luna), https://control.akamai.com. Select the “Support” link, then under the “OPEN A CASE” section select "Business Support Issue or Question". The "Area" field should be "General Account Management". Service should be "Product Support". Once these are selected, a form will load where the subject should be "Password Security Policy Exception Request". The description should contain the following information with all fields completed. (Please note that if the character limit is exceeded, the following may be submitted as an attachment.)
-------------
Requester's name:
Requester's title:
Requester's organization/command:
We request the following exception(s) to the standard Akamai Luna password management policy to be applied to all accounts.
- Force password rotations to occur at least every 60 days.
- Disable any inactive accounts if they have not been used for 90 consecutive days.
- Limit the number of consecutive invalid login attempts to 3.
- Enforce a minimum length of 15 characters.
- Require that at least one upper-case character be used.
- Require that at least one lower-case character be used.
- Require that at least one numeric character be used.
- Require that at least one special character be used.
- Prevent password reuse for at least 5 generations.
We understand this is a divergence from the standard, recommended Luna security policy. Please submit this password policy exception request to the Akamai InfoSec team for review. It has been approved by the security officer or administrator for the organization.
The following is the approver's information:
Approver's Name:
Approver's Title: (must be security personnel for the organization)
Approver's Contact Information (necessary to validate this request):
Phone:
E-mail:
-------------
Complete the contact information fields if they haven't been prepopulated, and then click "Create Case".
Verify the password must contain at least one upper-case character. Contact the Akamai Professional Services team to verify the changes at 1-877-4-AKATEC (1-877-425-2832). If the password does not require at least one upper-case character, this is a finding.
Open a ticket through the Akamai Customer Portal (Luna), https://control.akamai.com. Select the “Support” link, then under the “OPEN A CASE” section select "Business Support Issue or Question". The "Area" field should be "General Account Management". Service should be "Product Support". Once these are selected, a form will load where the subject should be "Password Security Policy Exception Request". The description should contain the following information with all fields completed. (Please note that if the character limit is exceeded, the following may be submitted as an attachment.)
-------------
Requester's name:
Requester's title:
Requester's organization/command:
We request the following exception(s) to the standard Akamai Luna password management policy to be applied to all accounts.
- Force password rotations to occur at least every 60 days.
- Disable any inactive accounts if they have not been used for 90 consecutive days.
- Limit the number of consecutive invalid login attempts to 3.
- Enforce a minimum length of 15 characters.
- Require that at least one upper-case character be used.
- Require that at least one lower-case character be used.
- Require that at least one numeric character be used.
- Require that at least one special character be used.
- Prevent password reuse for at least 5 generations.
We understand this is a divergence from the standard, recommended Luna security policy. Please submit this password policy exception request to the Akamai InfoSec team for review. It has been approved by the security officer or administrator for the organization.
The following is the approver's information:
Approver's Name:
Approver's Title: (must be security personnel for the organization)
Approver's Contact Information (necessary to validate this request):
Phone:
E-mail:
-------------
Complete the contact information fields if they haven't been prepopulated, and then click "Create Case".
Verify the password must contain at least one lower-case character. Contact the Akamai Professional Services team to verify the changes at 1-877-4-AKATEC (1-877-425-2832). If the password does not require at least one lower-case character, this is a finding.
Open a ticket through the Akamai Customer Portal (Luna), https://control.akamai.com. Select the “Support” link, then under the “OPEN A CASE” section select "Business Support Issue or Question". The "Area" field should be "General Account Management". Service should be "Product Support". Once these are selected, a form will load where the subject should be "Password Security Policy Exception Request". The description should contain the following information with all fields completed. (Please note that if the character limit is exceeded, the following may be submitted as an attachment.)
-------------
Requester's name:
Requester's title:
Requester's organization/command:
We request the following exception(s) to the standard Akamai Luna password management policy to be applied to all accounts.
- Force password rotations to occur at least every 60 days.
- Disable any inactive accounts if they have not been used for 90 consecutive days.
- Limit the number of consecutive invalid login attempts to 3.
- Enforce a minimum length of 15 characters.
- Require that at least one upper-case character be used.
- Require that at least one lower-case character be used.
- Require that at least one numeric character be used.
- Require that at least one special character be used.
- Prevent password reuse for at least 5 generations.
We understand this is a divergence from the standard, recommended Luna security policy. Please submit this password policy exception request to the Akamai InfoSec team for review. It has been approved by the security officer or administrator for the organization.
The following is the approver's information:
Approver's Name:
Approver's Title: (must be security personnel for the organization)
Approver's Contact Information (necessary to validate this request):
Phone:
E-mail:
-------------
Complete the contact information fields if they haven't been prepopulated, and then click "Create Case".
Verify the password must contain at least one numeric character. Contact the Akamai Professional Services team to verify the changes at 1-877-4-AKATEC (1-877-425-2832). If the password does not require at least one numeric character, this is a finding.
Open a ticket through the Akamai Customer Portal (Luna), https://control.akamai.com. Select the “Support” link, then under the “OPEN A CASE” section select "Business Support Issue or Question". The "Area" field should be "General Account Management". Service should be "Product Support". Once these are selected, a form will load where the subject should be "Password Security Policy Exception Request". The description should contain the following information with all fields completed. (Please note that if the character limit is exceeded, the following may be submitted as an attachment.)
-------------
Requester's name:
Requester's title:
Requester's organization/command:
We request the following exception(s) to the standard Akamai Luna password management policy to be applied to all accounts.
- Force password rotations to occur at least every 60 days.
- Disable any inactive accounts if they have not been used for 90 consecutive days.
- Limit the number of consecutive invalid login attempts to 3.
- Enforce a minimum length of 15 characters.
- Require that at least one upper-case character be used.
- Require that at least one lower-case character be used.
- Require that at least one numeric character be used.
- Require that at least one special character be used.
- Prevent password reuse for at least 5 generations.
We understand this is a divergence from the standard, recommended Luna security policy. Please submit this password policy exception request to the Akamai InfoSec team for review. It has been approved by the security officer or administrator for the organization.
The following is the approver's information:
Approver's Name:
Approver's Title: (must be security personnel for the organization)
Approver's Contact Information (necessary to validate this request):
Phone:
E-mail:
-------------
Complete the contact information fields if they haven't been prepopulated, and then click "Create Case".
Verify the password must contain at least one special character. Contact the Akamai Professional Services team to verify the changes at 1-877-4-AKATEC (1-877-425-2832). If the password does not require at least one special character, this is a finding.
Open a ticket through the Akamai Customer Portal (Luna), https://control.akamai.com. Select the “Support” link, then under the “OPEN A CASE” section select "Business Support Issue or Question". The "Area" field should be "General Account Management". Service should be "Product Support". Once these are selected, a form will load where the subject should be "Password Security Policy Exception Request". The description should contain the following information with all fields completed. (Please note that if the character limit is exceeded, the following may be submitted as an attachment.)
-------------
Requester's name:
Requester's title:
Requester's organization/command:
We request the following exception(s) to the standard Akamai Luna password management policy to be applied to all accounts.
- Force password rotations to occur at least every 60 days.
- Disable any inactive accounts if they have not been used for 90 consecutive days.
- Limit the number of consecutive invalid login attempts to 3.
- Enforce a minimum length of 15 characters.
- Require that at least one upper-case character be used.
- Require that at least one lower-case character be used.
- Require that at least one numeric character be used.
- Require that at least one special character be used.
- Prevent password reuse for at least 5 generations.
We understand this is a divergence from the standard, recommended Luna security policy. Please submit this password policy exception request to the Akamai InfoSec team for review. It has been approved by the security officer or administrator for the organization.
The following is the approver's information:
Approver's Name:
Approver's Title: (must be security personnel for the organization)
Approver's Contact Information (necessary to validate this request):
Phone:
E-mail:
-------------
Complete the contact information fields if they haven't been prepopulated, and then click "Create Case".
Verify the 60-day maximum password lifetime restriction is enforced. Contact the Akamai Professional Services team to verify the changes at 1-877-4-AKATEC (1-877-425-2832). If the 60-day maximum password lifetime restriction is not enforced, this is a finding.
Open a ticket through the Akamai Customer Portal (Luna), https://control.akamai.com. Select the “Support” link, then under the “OPEN A CASE” section select "Business Support Issue or Question". The "Area" field should be "General Account Management". Service should be "Product Support". Once these are selected, a form will load where the subject should be "Password Security Policy Exception Request". The description should contain the following information with all fields completed. (Please note that if the character limit is exceeded, the following may be submitted as an attachment.)
-------------
Requester's name:
Requester's title:
Requester's organization/command:
We request the following exception(s) to the standard Akamai Luna password management policy to be applied to all accounts.
- Force password rotations to occur at least every 60 days.
- Disable any inactive accounts if they have not been used for 90 consecutive days.
- Limit the number of consecutive invalid login attempts to 3.
- Enforce a minimum length of 15 characters.
- Require that at least one upper-case character be used.
- Require that at least one lower-case character be used.
- Require that at least one numeric character be used.
- Require that at least one special character be used.
- Prevent password reuse for at least 5 generations.
We understand this is a divergence from the standard, recommended Luna security policy. Please submit this password policy exception request to the Akamai InfoSec team for review. It has been approved by the security officer or administrator for the organization.
The following is the approver's information:
Approver's Name:
Approver's Title: (must be security personnel for the organization)
Approver's Contact Information (necessary to validate this request):
Phone:
E-mail:
-------------
Complete the contact information fields if they haven't been prepopulated, and then click "Create Case".
Verify password reuse for a minimum of five generations is prohibited. Contact the Akamai Professional Services team to verify the changes at 1-877-4-AKATEC (1-877-425-2832). If password reuse for a minimum of five generations is not prohibited, this is a finding.
Open a ticket through the Akamai Customer Portal (Luna), https://control.akamai.com. Select the “Support” link, then under the “OPEN A CASE” section select "Business Support Issue or Question". The "Area" field should be "General Account Management". Service should be "Product Support". Once these are selected, a form will load where the subject should be "Password Security Policy Exception Request". The description should contain the following information with all fields completed. (Please note that if the character limit is exceeded, the following may be submitted as an attachment.)
-------------
Requester's name:
Requester's title:
Requester's organization/command:
We request the following exception(s) to the standard Akamai Luna password management policy to be applied to all accounts.
- Force password rotations to occur at least every 60 days.
- Disable any inactive accounts if they have not been used for 90 consecutive days.
- Limit the number of consecutive invalid login attempts to 3.
- Enforce a minimum length of 15 characters.
- Require that at least one upper-case character be used.
- Require that at least one lower-case character be used.
- Require that at least one numeric character be used.
- Require that at least one special character be used.
- Prevent password reuse for at least 5 generations.
We understand this is a divergence from the standard, recommended Luna security policy. Please submit this password policy exception request to the Akamai InfoSec team for review. It has been approved by the security officer or administrator for the organization.
The following is the approver's information:
Approver's Name:
Approver's Title: (must be security personnel for the organization)
Approver's Contact Information (necessary to validate this request):
Phone:
E-mail:
-------------
Complete the contact information fields if they haven't been prepopulated, and then click "Create Case".
Verify that all portal users have the session timeout duration set to 15 minutes: 1. Log in to the Luna Portal as an administrator. 2. Select Configure >> Manage Users & Groups. 3. Select each user and inspect the "Timeout" setting to verify it reads "After 15 Minutes". If the session timeout is not set to 15 minutes, this is a finding.
Set the session timeout duration to 15 minutes: 1. Log in to the Luna Portal as an administrator. 2. Select Configure >> Manage Users & Groups. 3. Select each user and adjust the "Timeout" setting to "After 15 Minutes".
Confirm that only SAML logins are enabled. 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click "Configure" >> "Manage SSO with SAML". 3. Verify "SAML-only login:" is set to "enabled". If "SAML-only login:" is set to "disabled", this is a finding. NOTE: During the initial deployment and testing of the Luna Portal implementation, it will be necessary to allow other logins. However, production environments must meet this requirement.
Configure logins to require SAML integration. 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click "Configure" >> "Manage SSO with SAML". 3. Click the "Enable" button next to the "SAML-only login:" label. 4. Click "Yes" when asked if you want to enable SAML-only login.
Verify that the Luna portal is configured to use single sign-on (SSO) with SAML. 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click "Configure" >> "Manage SSO with SAML". 3. Verify the identity provider's current SSO settings are configured properly. If SSO with SAML is not configured, this is a finding.
Configure the Luna portal to use single sign-on with SAML.
1. Log in to the Akamai Luna Portal (https://control.akamai.com).
2. Click "Configure" >> "Manage SSO with SAML".
3. Configure the identity provider's SSO settings as follows:
a. The strings in some fields, such as the local user attribute name (“userid”) and the last part of the service provider endpoint address (“.luna-sp.com”), are pre-specified by Luna Control Center. Using the information about your identity provider (IDP), fill in the first three fields:
- Service Provider End-point
- Entity ID
- Single Sign-On URL
b. The next field, "Single Logout URL", is optional. If your SAML metadata includes this information and you wish to configure for a Single Logout, you may enter it here.
c. Enter an email address that should receive notifications from Luna Control Center.
d. Enter the x509c Certificate key.
e. The next field, "Alternate x509c Certificate Key", is optional. If you have an alternate x509c Certificate key, you may enter it here. Having a second key can be convenient if your current key is nearing expiration and your IDP supports key rotation.
f. When the required information has been entered, click "Save" or click "Save & Activate".
- Click "Save" if you want to keep a draft of your configuration without activating it yet. In the "Manage Single Sign-On with SAML" application’s main panel, “Inactive” then appears in the "Status" column of the new configuration. This means it has been saved but is not yet activated.
- You may repeat all steps to this point to create as many additional inactive SSO configurations as desired. They will all be listed and accessible from the main panel. (A filter is provided for convenience when dealing with long lists.)
- When you want to activate one of your saved but inactive configurations, select "Activate" from its gear icon. This action results in a progression of status messages, which may take up to 48 hours, starting with "Pending activation", then "Pending activation (DNS)", and finally "Active."
- Click "Save & Activate" if you want to immediately request activation of the new configuration. In the "Manage Single Sign-On with SAML" application’s main panel, "Pending activation" then appears in the "Status" column of the new configuration, indicating that it has been saved and is awaiting activation.
- This action results in a progression of status messages, starting with "Pending activation (DNS)" and ending with "Active."
- You may repeat all steps to this point to create as many additional active configurations as desired.