STIGQter STIGQter: STIG Summary: IBM DataPower ALG Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 25 Jan 2016:

The DataPower Gateway must behave in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received.

DISA Rule

SV-79771r1_rule

Vulnerability Number

V-65281

Group Title

SRG-NET-000380-ALG-000128

Rule Version

WSDP-AG-000106

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Using the WebGUI, go to Objects >> XML Processing >> Matching Rule to define a rule that defines the expected form of the incoming message. If there is no match, the message will be discarded.

Go to Objects >> XML Processing >> Processing Rule to define error rules that provide appropriate system responses to invalid and unexpected inputs. Invalid messages must be discarded.

Check Contents

Using the WebGUI, go to Objects >> XML Processing >> Matching Rule to verify there is a rule that defines the expected form of the incoming message. If there is no match, the message will be discarded.

Go to Objects >> XML Processing >> Processing Rule to verify there are error rules that provide appropriate system responses to invalid and unexpected inputs.

If no error rules discarding invalid messages are configured, this is a finding.

Vulnerability Number

V-65281

Documentable

False

Rule Version

WSDP-AG-000106

Severity Override Guidance

Using the WebGUI, go to Objects >> XML Processing >> Matching Rule to verify there is a rule that defines the expected form of the incoming message. If there is no match, the message will be discarded.

Go to Objects >> XML Processing >> Processing Rule to verify there are error rules that provide appropriate system responses to invalid and unexpected inputs.

If no error rules discarding invalid messages are configured, this is a finding.

Check Content Reference

M

Target Key

2859

Comments