STIGQter STIGQter: STIG Summary: CA API Gateway ALG Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 28 Apr 2017:

The CA API Gateway providing intermediary services for remote access communications traffic must control remote access methods.

DISA Rule

SV-86017r1_rule

Vulnerability Number

V-71393

Group Title

SRG-NET-000313-ALG-000010

Rule Version

CAGW-GW-000520

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Open the CA API GW - Policy Manager.

Select the Registered Services that do not have controls for Access Methods that are responsible for remote access communications traffic, such as FTP, HTTP, HTTPS, etc.

Using the Message Routing Policy Assertions, customize the security policies for the Services to include the various types of communications protocols, such as FTP, HTTP, HTTPS, etc. Include only the required organizational remote access protocols.

Additionally, select Tasks >> Manage Listen Ports and create the required listen ports for the remote access methods needed. If policies are required to be attached to the port, as is the case with an FTP Listen port, assign the policy to the listen port in accordance with organizational requirements for managing and monitoring the remote access protocol and communication traffic.

All other communications protocols and methods will be rejected.

Check Contents

Open the CA API GW - Policy Manager.

Verify the Services requiring remote access controls are registered on the Gateway.

Check each Service's policy and verify the required communications protocols' Assertions have been added as per organizational requirements.

Additionally, select Tasks >> Manage Listen Ports and verify listen ports have been created for each type of Remote Access, such as HTTP, HTTPS, FTP, etc.

If the required communication protocols have not been set in the policies or the listen ports have not been configured, this is a finding.

Vulnerability Number

V-71393

Documentable

False

Rule Version

CAGW-GW-000520

Severity Override Guidance

Open the CA API GW - Policy Manager.

Verify the Services requiring remote access controls are registered on the Gateway.

Check each Service's policy and verify the required communications protocols' Assertions have been added as per organizational requirements.

Additionally, select Tasks >> Manage Listen Ports and verify listen ports have been created for each type of Remote Access, such as HTTP, HTTPS, FTP, etc.

If the required communication protocols have not been set in the policies or the listen ports have not been configured, this is a finding.

Check Content Reference

M

Target Key

3049

Comments