STIGQter: STIG Summary: CA API Gateway ALG Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 28 Apr 2017

The CA API Gateway must generate unique session identifiers using a FIPS 140-2 approved random number generator.

DISA Rule

SV-85997r1_rule

Vulnerability Number

V-71373

Group Title

SRG-NET-000234-ALG-000116

Rule Version

CAGW-GW-000420

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Refer to the “CA API Management Documentation Wiki” at the link below for directions on installing and configuring the CA API Gateway to use a SafeNet Luna HSM.

https://docops.ca.com/ca-api-gateway/9-0/en/install-and-configure-the-gateway/configure-the-appliance-gateway/configure-hardware-security-modules-hsm/configure-the-safenet-luna-sa-hsm

Check Contents

Verify the CA API Gateway is configured to use a SafeNet Luna HSM, whereupon all cryptographic algorithms performed within the HSM will use its FIPS 140-2 validated random number generation.

If the CA API Gateway is not configured to use the SafeNet Luna HSM, this is a finding.

Documentable

False

Severity Override Guidance

Verify the CA API Gateway is configured to use a SafeNet Luna HSM, whereupon all cryptographic algorithms performed within the HSM will use its FIPS 140-2 validated random number generation.

If the CA API Gateway is not configured to use the SafeNet Luna HSM, this is a finding.

Check Content Reference

M

Target Key

3049
