STIGQter: STIG Summary: CA API Gateway ALG Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 28 Apr 2017:

The CA API Gateway must enforce approved authorizations for controlling the flow of information within the network based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic.

DISA Rule

SV-85909r1_rule

Vulnerability Number

V-71285

Group Title

SRG-NET-000018-ALG-000017

Rule Version

CAGW-GW-000110

Severity

CAT II

CCI(s)

• CCI-001368 - The information system enforces approved authorizations for controlling the flow of information within the system based on organization-defined information flow control policies.

Weight

10

Fix Recommendation

Open the CA API Gateway - Policy Manager.

Double-click all Registered Services requiring enforced authorization for controlling the flow of information.

Add/update the policy with the appropriate Assertions and include the proper logic and flow based on the information derived from parsing the attributes of a message request to the API in accordance with organizational requirements.

The policy should be configured to do comparisons and provide logical groupings of assertions using the "At least one..." and "All..." assertions so multiple checks can be performed on various attributes to control access to resources.

Check Contents

Open the CA API Gateway - Policy Manager.

Double-click all Registered Services requiring enforced authorization for controlling the flow of information.

Verify the policies include the proper logic and flow based on the information derived from parsing the attributes of the message request.

The policy should be configured to do comparisons and provide logical groupings of assertions using the "At least one..." and "All..." assertions so multiple checks can be performed on various attributes to control access to resources.

If it has not, this is a finding.

Vulnerability Number

V-71285

Documentable

False

Rule Version

CAGW-GW-000110

Severity Override Guidance

Open the CA API Gateway - Policy Manager.

Double-click all Registered Services requiring enforced authorization for controlling the flow of information.

Verify the policies include the proper logic and flow based on the information derived from parsing the attributes of the message request.

The policy should be configured to do comparisons and provide logical groupings of assertions using the "At least one..." and "All..." assertions so multiple checks can be performed on various attributes to control access to resources.

If it has not, this is a finding.

Check Content Reference

M

Target Key

3049

Comments