STIGQter: STIG Summary: IBM DataPower ALG Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 25 Jan 2016

The DataPower Gateway providing user access control intermediary services must retain the Standard Mandatory DoD-approved Notice and Consent Banner on the screen until users acknowledge the usage conditions and take explicit actions to log on for further access.

DISA Rule

SV-79687r1_rule

Vulnerability Number

V-65197

Group Title

SRG-NET-000042-ALG-000023

Rule Version

WSDP-AG-000012

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The application designer will create a service object in DataPower (e.g., Multi Protocol Gateway). As part of the object configuration, the application designer will create a Processing Policy object. The processing policy controls access to the Processing Rules of the application.

The application designer will create a Processing Rule that allows the banner page to be displayed when a user accesses the application. The application designer will ensure that the banner page redirects the application user to the appropriate next step (e.g., logon page, application page, etc.) after the end user has accepted the terms of the agreement.

Check Contents

For an HTTPS application hosted on DataPower to display a landing page, the application designer will need to make that landing page available on the DataPower appliance or remotely accessible on a server. This landing page will be the page that the user sees, and the user will have to acknowledge this page before being redirected to the application/logon.

If the banner page does not load when first accessing an application, this is a finding.

Documentable

False

Check Content Reference

M

Target Key

2859
