STIGQter: STIG Summary: CA API Gateway ALG Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 28 Apr 2017

The CA API Gateway must generate error messages that provide the information necessary for corrective actions without revealing information that could be exploited by adversaries.

DISA Rule

SV-86011r1_rule

Vulnerability Number

V-71387

Group Title

SRG-NET-000273-ALG-000129

Rule Version

CAGW-GW-000490

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Open the CA API Gateway - Policy Manager and double-click each of the Registered Services that require a customized error response but do not include a "Customize Error Response" Assertion.

Add the "Customize Error Response" Assertion to the policy, placing and configuring it in accordance with organizational requirements.

Check Contents

Open the CA API Gateway - Policy Manager and double-click all Registered Services that require a customized error response, revealing only the necessary information about an error.

Verify the "Customize Error Response" Assertion is included in the policy and placed in accordance with organizational requirements.

If it is not, this is a finding.

Documentable

False

Severity Override Guidance

Open the CA API Gateway - Policy Manager and double-click all Registered Services that require a customized error response, revealing only the necessary information about an error.

Verify the "Customize Error Response" Assertion is included in the policy and placed in accordance with organizational requirements.

If it is not, this is a finding.

Check Content Reference

M

Target Key

3049

Comments