STIGQter: STIG Summary: IBM DataPower ALG Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 25 Jan 2016

The DataPower Gateway must prohibit the use of cached authenticators after an organization-defined time period.

DISA Rule

SV-79753r1_rule

Vulnerability Number

V-65263

Group Title

SRG-NET-000344-ALG-000098

Rule Version

WSDP-AG-000095

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Search Bar “AAA Policy” >> Select AAA Policy >> AAA policy >> Authentication >> set Cache authentication results to “Absolute” or “Maximum” or “Minimum” >> set Cache Lifetime to the cache value.

Search Bar “Processing Policy” >> processing policy >> Policy Maps tab processing rule >> Processing Rule processing rule >> Rule Action AAA policy

Check Contents

Search Bar “AAA Policy” >> Select AAA Policy. If no AAA Policy is present, this is a finding.

Search Bar “AAA Policy” >> Select AAA Policy >> AAA policy >> Authentication. If Cache authentication results is “Disabled”, this is a finding.

Search Bar “Processing Policy” >> processing policy >> Policy Maps tab processing rule >> Rule Action. If no AAA action exists, this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

2859

Comments