STIGQter STIGQter: STIG Summary: CA API Gateway ALG Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 28 Apr 2017:

The CA API Gateway must protect audit tools from unauthorized access.

DISA Rule

SV-85965r1_rule

Vulnerability Number

V-71341

Group Title

SRG-NET-000101-ALG-000059

Rule Version

CAGW-GW-000260

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Open the CA API Gateway - Policy Manager as an administrator.

Select "Tasks" from the main menu and chose "Manage Roles".

Select the "View Audit Records" Role and Add/Assign the users that are authorized to view the audited events as per organizational policy.

Assign any other roles to authorized users as per organizational policy.

Check Contents

Open the CA API Gateway - Policy Manager as an administrative user.

Select "Tasks" from the main menu and chose "Manage Roles".

Verify that only the authorized users of the tool have been granted their respective roles.

If any user has not been granted the proper role(s), this is a finding.

Vulnerability Number

V-71341

Documentable

False

Rule Version

CAGW-GW-000260

Severity Override Guidance

Open the CA API Gateway - Policy Manager as an administrative user.

Select "Tasks" from the main menu and chose "Manage Roles".

Verify that only the authorized users of the tool have been granted their respective roles.

If any user has not been granted the proper role(s), this is a finding.

Check Content Reference

M

Target Key

3049

Comments