STIGQter: STIG Summary: CA API Gateway ALG Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 28 Apr 2017

The CA API Gateway providing user authentication intermediary services must implement replay-resistant authentication mechanisms for network access to non-privileged accounts.

DISA Rule

SV-85981r1_rule

Vulnerability Number

V-71357

Group Title

SRG-NET-000147-ALG-000095

Rule Version

CAGW-GW-000340

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Open the CA API Gateway - Policy Manager and open each of the Registered Services that require the replay-resistant authentication mechanisms.

Add the "Protect Against Message Replay" Assertion after the "Authenticate User or Group" or "Authenticate Against Identity Provider" Assertion.

Check Contents

Open the CA API Gateway - Policy Manager and open each of the Registered Services that require the replay-resistant authentication mechanisms.

Verify the "Protect Against Message Replay" Assertion is present after the "Authenticate User or Group" or "Authenticate Against Identity Provider" Assertion.

If the Assertion is not present, this is a finding.

Documentable

False

Severity Override Guidance

Open the CA API Gateway - Policy Manager and open each of the Registered Services that require the replay-resistant authentication mechanisms.

Verify the "Protect Against Message Replay" Assertion is present after the "Authenticate User or Group" or "Authenticate Against Identity Provider" Assertion.

If the Assertion is not present, this is a finding.

Check Content Reference

M

Target Key

3049
