STIGQter: STIG Summary: CA API Gateway NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 19 Sep 2016:

The CA API Gateway must activate a system alert message, send an alarm, and/or automatically shut down when a component failure is detected.

DISA Rule

SV-86161r1_rule

Vulnerability Number

V-71537

Group Title

SRG-APP-000268-NDM-000274

Rule Version

CAGW-DM-000190

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-001328 - The organization, if an information system component failure is detected, activates an organization-defined alarm and/or automatically shuts down the information system.

Weight

10

Fix Recommendation

Install and configure (setup SNMP trap dest/authentication) alerter script in /usr/local/bin/failtest. Configure cron to run "/usr/local/bin/failtest" every minute as indicated by /etc/crontab entry

Check Contents

Verify "/usr/local/bin/failtest" script exists and is executable.

Verify crontab runs "/usr/local/bin/failtest" every minute by checking cron's logfile "/var/log/cron".

If "/usr/local/bin/failtest" does not exist or it is not executable, this is a finding.

Vulnerability Number

V-71537

Documentable

False

Rule Version

CAGW-DM-000190

Severity Override Guidance

Verify "/usr/local/bin/failtest" script exists and is executable.

Verify crontab runs "/usr/local/bin/failtest" every minute by checking cron's logfile "/var/log/cron".

If "/usr/local/bin/failtest" does not exist or it is not executable, this is a finding.

Check Content Reference

M

Target Key

3051

Comments