STIGQter: STIG Summary: IBM DataPower ALG Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 25 Jan 2016:

The DataPower Gateway must protect audit information from unauthorized read access.

DISA Rule

SV-79701r1_rule

Vulnerability Number

V-65211

Group Title

SRG-NET-000098-ALG-000056

Rule Version

WSDP-AG-000028

Severity

CAT II

CCI(s)

CCI-000162 - The information system protects audit information from unauthorized access.

Weight

Fix Recommendation

Privileged account user log on to default domain >> Administration >> Access >> User Account >> Select non-privileged user account >> Click “…” button next to User Group field >> Enter */default/*?Access=NONE into field >> Click add >> Click Apply >> Click Apply >> Click Save Configuration.

Check Contents

Login page >> Enter non-admin user id and password, select Default for domain >> Click Login.

If non-admin user can log on, this is a finding.

Vulnerability Number

V-65211

Documentable

False

Rule Version

WSDP-AG-000028

Severity Override Guidance

Login page >> Enter non-admin user id and password, select Default for domain >> Click Login.

If non-admin user can log on, this is a finding.

Check Content Reference

Target Key

2859

The DataPower Gateway must protect audit information from unauthorized read access.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments