STIGQter: STIG Summary: IBM DataPower ALG Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 25 Jan 2016

The DataPower Gateway providing user authentication intermediary services using PKI-based user authentication must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of protected sessions.

DISA Rule

SV-79759r1_rule

Vulnerability Number

V-65269

Group Title

SRG-NET-000355-ALG-000117

Rule Version

WSDP-AG-000098

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Type “Validation Credential” in the search bar. Create a ValCred with only DoD certs. When creating SSL Proxy Profiles, require mutual authentication; then use the ValCred with only DoD certs.

Check Contents

Type “Validation Credential” in the nav search. Verify that the ValCred has only DoD certs. If the ValCred does not contain DoD certs, this is a finding.

Check the config of active SSL Proxy Profiles to ensure use of the ValCred. If the SSL Proxy does not contain a ValCred, this is a finding.

Documentable

False

Severity Override Guidance

Type “Validation Credential” in the nav search. Verify that the ValCred has only DoD certs. If the ValCred does not contain DoD certs, this is a finding.

Check the config of active SSL Proxy Profiles to ensure use of the ValCred. If the SSL Proxy does not contain a ValCred, this is a finding.

Check Content Reference

M

Target Key

2859

Comments