STIGQter: STIG Summary: CA API Gateway ALG Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 28 Apr 2017:

The CA API Gateway providing encryption intermediary services must use NIST FIPS-validated cryptography to implement encryption services.

DISA Rule

SV-86111r1_rule

Vulnerability Number

V-71487

Group Title

SRG-NET-000510-ALG-000111

Rule Version

CAGW-GW-000900

Severity

CAT II

CCI(s)

• CCI-002450 - The information system implements organization-defined cryptographic uses and type of cryptography required for each use in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.

Weight

10

Fix Recommendation

Open the CA API Gateway - Policy Manager.

Double-click each of the Registered Services that require NIST-FIPS validated encryption services.

Add the "Encrypt XML Element" and/or "Encrypt Element" to the policy and configure in accordance with organizational requirements.

Check Contents

Open the CA API Gateway - Policy Manager.

Double-click each of the Registered Services that requires NIST-FIPS validated encryption services.

Verify that the "Encrypt XML Element" or "Encrypt Element" Assertion has/have been added to the policy in accordance with organizational requirements.

If the Assertion(s) is/are not present, this is a finding.

Vulnerability Number

V-71487

Documentable

False

Rule Version

CAGW-GW-000900

Severity Override Guidance

Open the CA API Gateway - Policy Manager.

Double-click each of the Registered Services that requires NIST-FIPS validated encryption services.

Verify that the "Encrypt XML Element" or "Encrypt Element" Assertion has/have been added to the policy in accordance with organizational requirements.

If the Assertion(s) is/are not present, this is a finding.

Check Content Reference

M

Target Key

3049

Comments