STIGQter: STIG Summary: IBM DataPower ALG Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 25 Jan 2016

The DataPower Gateway providing user authentication intermediary services using PKI-based user authentication must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.

DISA Rule

SV-79755r1_rule

Vulnerability Number

V-65265

Group Title

SRG-NET-000345-ALG-000099

Rule Version

WSDP-AG-000096

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Search Bar “AAA Policy” >> Select AAA Policy >> AAA policy >> Authentication >> Cache authentication results “Absolute” or “Maximum” or “Minimum” >> Cache Lifetime cache value.

Search Bar “Processing Policy” >> processing policy >> Policy Maps tab processing rule >> Processing Rule processing rule >> Rule Action AAA policy

Check Contents

Search Bar “AAA Policy” >> Select AAA Policy. If no AAA Policy is present, this is a finding.

Search Bar “AAA Policy” >> Select AAA Policy >> AAA policy >> Authentication. If cache authentication results is “Disabled”, this is a finding.

Search Bar “Processing Policy” >> processing policy >> Policy Maps tab processing rule >> Rule Action. If no AAA action exists, this is a finding.

Documentable

False

Severity Override Guidance

Search Bar “AAA Policy” >> Select AAA Policy. If no AAA Policy is present, this is a finding.

Search Bar “AAA Policy” >> Select AAA Policy >> AAA policy >> Authentication. If cache authentication results is “Disabled”, this is a finding.

Search Bar “Processing Policy” >> processing policy >> Policy Maps tab processing rule >> Rule Action. If no AAA action exists, this is a finding.

Check Content Reference

M

Target Key

2859
