STIGQter STIGQter: STIG Summary: IBM DataPower ALG Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 25 Jan 2016: The DataPower Gateway providing user authentication intermediary services must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).

DISA Rule

SV-79705r1_rule

Vulnerability Number

V-65215

Group Title

SRG-NET-000138-ALG-000063

Rule Version

WSDP-AG-000037

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Using the appliance's WebGUI, navigate to DataPower Gateway's Configure AAA Policy (authentication, authorization, audit) at Objects >> XML Processing >> AAA Policy.

Open the applicable AAA policy.

On the Identity extraction tab, check the appropriate methods and processing option.

On the Authentication tab, specify all parameters associated with the desired authentication method (e.g., LDAP).

Check Contents

Using the appliance's WebGUI, navigate to DataPower Gateway's Configure AAA Policy (authentication, authorization, audit) at Objects >> XML Processing >> AAA Policy. Open the applicable AAA policy.

On the Identity extraction tab, confirm that the appropriate methods are checked and appropriate processing option specified.

On the Authentication tab, confirm that all parameters associated with the authentication method (e.g., LDAP) are correctly specified.

If these items are not configured, this is a finding.

Vulnerability Number

V-65215

Documentable

False

Rule Version

WSDP-AG-000037

Severity Override Guidance

Using the appliance's WebGUI, navigate to DataPower Gateway's Configure AAA Policy (authentication, authorization, audit) at Objects >> XML Processing >> AAA Policy. Open the applicable AAA policy.

On the Identity extraction tab, confirm that the appropriate methods are checked and appropriate processing option specified.

On the Authentication tab, confirm that all parameters associated with the authentication method (e.g., LDAP) are correctly specified.

If these items are not configured, this is a finding.

Check Content Reference

M

Target Key

2859

Comments