STIGQter: STIG Summary: CA API Gateway ALG Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 28 Apr 2017

The CA API Gateway must protect audit information from unauthorized read access.

DISA Rule

SV-85961r1_rule

Vulnerability Number

V-71337

Group Title

SRG-NET-000098-ALG-000056

Rule Version

CAGW-GW-000240

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Open the CA API Gateway - Policy Manager as an administrator.

Select "Tasks" from the main menu and choose "Manage Roles".

Remove the unauthorized user from any role they should not be a member of, including the "View Audit Records" role.

Additionally, consider removing the user completely or removing the user from any groups within the identity provider that may be assigned to a role for which the user may not be authorized.

Check Contents

Open the CA API Gateway - Policy Manager.

Select "Tasks" from the main menu and choose "Manage Roles". Verify that only authorized users have been given the "View Audit Records" role.

If unauthorized users are granted this role, this is a finding.

Documentable

False

Severity Override Guidance

Open the CA API Gateway - Policy Manager.

Select "Tasks" from the main menu and choose "Manage Roles". Verify that only authorized users have been given the "View Audit Records" role.

If unauthorized users are granted this role, this is a finding.

Check Content Reference

M

Target Key

3049
