STIGQter: STIG Summary: CA API Gateway ALG Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 28 Apr 2017:

The CA API Gateway must generate audit records containing information to establish the identity of any individual or process associated with the event.

DISA Rule

SV-85959r1_rule

Vulnerability Number

V-71335

Group Title

SRG-NET-000079-ALG-000048

Rule Version

CAGW-GW-000230

Severity

CAT II

CCI(s)

• CCI-001487 - The information system generates audit records containing information that establishes the identity of any individuals or subjects associated with the event.

Weight

10

Fix Recommendation

Open the CA API Gateway - Policy Manager.

Open the Registered Services that do not have the "Audit Messages in Policy" Assertion and add it to the top of the Registered Services policies.

Check Contents

Open the CA API Gateway - Policy Manager and verify all of the Registered Services have the "Audit Messages in Policy" Assertion added to the Service.

If any of the Registered Services do not have the "Audit Messages in Policy" Assertion added, this is a finding.

Vulnerability Number

V-71335

Documentable

False

Rule Version

CAGW-GW-000230

Severity Override Guidance

Open the CA API Gateway - Policy Manager and verify all of the Registered Services have the "Audit Messages in Policy" Assertion added to the Service.

If any of the Registered Services do not have the "Audit Messages in Policy" Assertion added, this is a finding.

Check Content Reference

M

Target Key

3049

Comments