STIGQter: STIG Summary: CA API Gateway ALG Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 28 Apr 2017

The CA API Gateway providing user access control intermediary services must automatically terminate a user session when organization-defined conditions or trigger events that require a session disconnect occur.

DISA Rule

SV-86105r1_rule

Vulnerability Number

V-71481

Group Title

SRG-NET-000517-ALG-000006

Rule Version

CAGW-GW-000950

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Open the CA API Gateway - Policy Manager and double-click all Registered Services that did not meet the organization-defined conditions for session disconnects.

Configure the policies in accordance with organizational requirements for time-of-day restriction or other events requiring session disconnects and targeted responses.

For more details, refer to the "CA API Management Documentation Wiki" at https://wiki.ca.com/display/GATEWAY90/CA+API+Gateway+Home.

Check Contents

Open the CA API Gateway - Policy Manager and double-click all Registered Services requiring organization-defined conditions for session disconnects.

Verify the Registered Services' policies are configured in accordance with organizational requirements for time-of-day restrictions or other incidents causing the need for a session disconnect and targeted responses.

If they are not, this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3049

Comments