STIGQter: STIG Summary: CA API Gateway ALG Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 28 Apr 2017

The CA API Gateway must reveal error messages only to the ISSO, ISSM, and SCA.

DISA Rule

SV-86091r1_rule

Vulnerability Number

V-71467

Group Title

SRG-NET-000402-ALG-000130

Rule Version

CAGW-GW-000850

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Open the CA API Gateway - Policy Manager and double-click all Registered Services requiring limited error messaging feedback to end users that were not configured properly.

Add the "Customize Error Response" and/or "Customize Soap Fault Response" Assertion and configure in accordance with organizational requirements.

Check Contents

Open the CA API Gateway - Policy Manager and double-click all Registered Services requiring limited error messaging feedback to end users.

Verify that the policy is configured to deliver limited error feedback to the user via the "Customize Error Response" and/or "Customize Soap Fault Response" Assertion in accordance with organizational requirements.

If it is not, this is a finding.

Documentable

False

Severity Override Guidance

Open the CA API Gateway - Policy Manager and double-click all Registered Services requiring limited error messaging feedback to end users.

Verify that the policy is configured to deliver limited error feedback to the user via the "Customize Error Response" and/or "Customize Soap Fault Response" Assertion in accordance with organizational requirements.

If it is not, this is a finding.

Check Content Reference

M

Target Key

3049