STIGQter: STIG Summary: CA API Gateway ALG Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 28 Apr 2017

The CA API Gateway must invalidate session identifiers upon user logout or other session termination.

DISA Rule

SV-85995r1_rule

Vulnerability Number

V-71371

Group Title

SRG-NET-000231-ALG-000114

Rule Version

CAGW-GW-000410

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Open the CA API Gateway - Policy Manager and open each of the Registered Services that did not include the "Protect Against Message Replay" Assertion but that require the protection.

Add the "Protect Against Message Replay" Assertion to the policies, configure the Assertion in accordance with organizational requirements, and click "Save and Activate".

Check Contents

Open the CA API Gateway - Policy Manager and open each of the Registered Services that require the invalidation of session identifiers in order to protect against replay attacks.

Verify the "Protect Against Message Replay" Assertion is present after the "Authenticate User or Group" or "Authenticate Against Identity Provider" Assertion.

If the Assertion is not present, this is a finding.

Documentable

False

Severity Override Guidance

Open the CA API Gateway - Policy Manager and open each of the Registered Services that require the invalidation of session identifiers in order to protect against replay attacks.

Verify the "Protect Against Message Replay" Assertion is present after the "Authenticate User or Group" or "Authenticate Against Identity Provider" Assertion.

If the Assertion is not present, this is a finding.

Check Content Reference

M

Target Key

3049

Comments