STIGQter STIGQter: STIG Summary: CA API Gateway ALG Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 28 Apr 2017:

The CA API Gateway providing intermediary services for remote access communications traffic must use encryption services that implement NIST FIPS-validated cryptography to protect the confidentiality of remote access sessions.

DISA Rule

SV-85923r1_rule

Vulnerability Number

V-71299

Group Title

SRG-NET-000062-ALG-000011

Rule Version

CAGW-GW-000170

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Open the CA API Gateway - Policy Manager.

Select Tasks >> Manage Listen Ports, double-click on each SSL listen port, select the SSL/TLS settings, deselect TLS 1.0, and select TLS 1.1 and TLS 1.2.

Verify that each Enabled Cipher Suites with a checkmark is included in NIST SP 800-52 section 3.3.2 Cipher Suites (or Appendix C if applicable).

Check Contents

Open the CA API Gateway - Policy Manager.

Select Tasks >> Manage Listen Ports and double-click on each SSL listen port.

Verify that no SSL versions are selected, TLS 1.0 is not selected, and only TLS 1.1, 1.2, and above are selected.

Verify that each Enabled Cipher Suites with a checkmark is included in NIST SP 800-52 section 3.3.2 Cipher Suites (or Appendix C if applicable).

If it is not, this is a finding.

Vulnerability Number

V-71299

Documentable

False

Rule Version

CAGW-GW-000170

Severity Override Guidance

Open the CA API Gateway - Policy Manager.

Select Tasks >> Manage Listen Ports and double-click on each SSL listen port.

Verify that no SSL versions are selected, TLS 1.0 is not selected, and only TLS 1.1, 1.2, and above are selected.

Verify that each Enabled Cipher Suites with a checkmark is included in NIST SP 800-52 section 3.3.2 Cipher Suites (or Appendix C if applicable).

If it is not, this is a finding.

Check Content Reference

M

Target Key

3049

Comments