STIGQter: STIG Summary: IBM DataPower ALG Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 25 Jan 2016

The DataPower Gateway must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.

DISA Rule

SV-79703r1_rule

Vulnerability Number

V-65213

Group Title

SRG-NET-000132-ALG-000087

Rule Version

WSDP-AG-000036

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Review the PPSM CAL before configuring services on the DataPower Gateway. This device will either be placed in the enclave DMZ or on a private network; this must be taken into account.
Configure only those services that are not prohibited and follow PPSM guidance for each service, protocol, and port.

Check Contents

Review the list of authorized applications, services, and protocols that has been added to the PPSM database.

As a Privileged Account User, log on to the WebGUI >> Log on to the Default domain >> Click Status >> Main >> Active Services >> Click Show All Domains.

If any of the Active Services allows traffic that is prohibited by the PPSM CAL, this is a finding.

Documentable

False

Severity Override Guidance

Review the list of authorized applications, services, and protocols that has been added to the PPSM database.

As a Privileged Account User, log on to the WebGUI >> Log on to the Default domain >> Click Status >> Main >> Active Services >> Click Show All Domains.

If any of the Active Services allows traffic that is prohibited by the PPSM CAL, this is a finding.

Check Content Reference

M

Target Key

2859
