STIGQter: STIG Summary: CA API Gateway ALG Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 28 Apr 2017:

The CA API Gateway providing user authentication intermediary services must transmit only encrypted representations of passwords.

DISA Rule

SV-86087r1_rule

Vulnerability Number

V-71463

Group Title

SRG-NET-000400-ALG-000097

Rule Version

CAGW-GW-000830

Severity

CAT II

CCI(s)

• CCI-000197 - The information system, for password-based authentication, transmits only cryptographically-protected passwords.

Weight

10

Fix Recommendation

Open the CA API Gateway - Policy Manager and open each of the Registered Services that requires authentication passwords to be protected and that does not include the "Require SSL or TLS Transport" Assertion.

Add the "Require SSL or TLS Transport" Assertion and click the "Save and Activate" button to activate the changes to the policy.

Check Contents

Open the CA API Gateway - Policy Manager and open each of the Registered Services that requires the authentication passwords to be protected.

Verify the "Require SSL or TLS Transport" Assertion is present.

If it is not, this is a finding.

Vulnerability Number

V-71463

Documentable

False

Rule Version

CAGW-GW-000830

Severity Override Guidance

Open the CA API Gateway - Policy Manager and open each of the Registered Services that requires the authentication passwords to be protected.

Verify the "Require SSL or TLS Transport" Assertion is present.

If it is not, this is a finding.

Check Content Reference

M

Target Key

3049

Comments