STIGQter: STIG Summary: CA API Gateway ALG Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 28 Apr 2017:

The CA API Gateway providing user access control intermediary services for publicly accessible applications must display the Standard Mandatory DoD-approved Notice and Consent Banner before granting access to the system.

DISA Rule

SV-85917r1_rule

Vulnerability Number

V-71293

Group Title

SRG-NET-000043-ALG-000024

Rule Version

CAGW-GW-000150

Severity

CAT II

CCI(s)

• CCI-001384 - The information system, for publicly accessible systems, displays system use information organization-defined conditions before granting further access.
• CCI-001385 - The information system, for publicly accessible systems, displays references, if any, to monitoring that are consistent with privacy accommodations for such systems that generally prohibit those activities.
• CCI-001386 - The information system, for publicly accessible systems, displays references, if any, to recording that are consistent with privacy accommodations for such systems that generally prohibit those activities.
• CCI-001387 - The information system, for publicly accessible systems, displays references, if any, to auditing that are consistent with privacy accommodations for such systems that generally prohibit those activities.
• CCI-001388 - The information system, for publicly accessible systems, includes a description of the authorized uses of the system.

Weight

10

Fix Recommendation

Open the CA API Gateway - Policy Manager and create a Registered Service that includes a "Return Template Response" Assertion displaying the Standard Mandatory DoD-approved Notice and Consent Banner.

For more details, refer to the “CA API Management Documentation Wiki" at https://wiki.ca.com/display/GATEWAY90/CA+API+Gateway+Home.

Check Contents

Open the CA API Gateway - Policy Manager and verify a Registered Service is present for displaying the Standard Mandatory DoD-approved Notice and Consent Banner.

If the Registered Service is not present, this is a finding.

Vulnerability Number

V-71293

Documentable

False

Rule Version

CAGW-GW-000150

Severity Override Guidance

Open the CA API Gateway - Policy Manager and verify a Registered Service is present for displaying the Standard Mandatory DoD-approved Notice and Consent Banner.

If the Registered Service is not present, this is a finding.

Check Content Reference

M

Target Key

3049

Comments