STIGQter: STIG Summary: CA API Gateway ALG Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 28 Apr 2017

The CA API Gateway providing user access control intermediary services must display an explicit logoff message to users indicating the reliable termination of authenticated communications sessions.

DISA Rule

SV-86109r1_rule

Vulnerability Number

V-71485

Group Title

SRG-NET-000519-ALG-000008

Rule Version

CAGW-GW-000970

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Open the CA API Gateway - Policy Manager and create a Registered Service that includes a "Return Template Response" Assertion in accordance with organizational requirements for an explicit logoff message.

For more details, refer to the "CA API Management Documentation Wiki" at https://wiki.ca.com/display/GATEWAY90/CA+API+Gateway+Home.

Check Contents

Open the CA API Gateway - Policy Manager.

Verify that a Registered Service is present for displaying an explicit logoff message using a "Return Template Response" Assertion.

If the Registered Service is not present, this is a finding.

Documentable

False

Severity Override Guidance

Open the CA API Gateway - Policy Manager.

Verify that a Registered Service is present for displaying an explicit logoff message using a "Return Template Response" Assertion.

If the Registered Service is not present, this is a finding.

Check Content Reference

M

Target Key

3049
