STIGQter: STIG Summary: CA API Gateway ALG Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 28 Apr 2017

The CA API Gateway providing user authentication intermediary services must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.

DISA Rule

SV-86053r1_rule

Vulnerability Number

V-71429

Group Title

SRG-NET-000337-ALG-000096

Rule Version

CAGW-GW-000600

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Open the CA API Gateway - Policy Manager and update the Registered Services installed on the CA API Gateway that require reauthentication mechanisms with logic to check for session token expiration.

For more details, refer to the "CA API Management Documentation Wiki" at https://wiki.ca.com/display/GATEWAY90/CA+API+Gateway+Home.

Check Contents

Open the CA API Gateway - Policy Manager and verify the Registered Services installed on the Gateway that require re-authentication mechanisms are configured to check for session token expiration.

If they are not, this is a finding.

Documentable

False

Severity Override Guidance

Open the CA API Gateway - Policy Manager and verify the Registered Services installed on the Gateway that require re-authentication mechanisms are configured to check for session token expiration.

If they are not, this is a finding.

Check Content Reference

M

Target Key

3049

Comments