STIGQter: STIG Summary: IBM DataPower ALG Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 25 Jan 2016

The DataPower Gateway must check the validity of all data inputs except those specifically identified by the organization.

DISA Rule

SV-79797r1_rule

Vulnerability Number

V-65307

Group Title

SRG-NET-000401-ALG-000127

Rule Version

WSDP-AG-000122

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the processing policy to use a Validate action. The Validate action will validate the XML or JSON message content against a WSDL or JSON schema.

Check Contents

Review the processing policy for all flows to ensure they contain Validate actions for requests and responses.

Log on to the WebGUI as a Privileged Account User >> Open the service to be modified: From the Control Panel, select the type of service to be edited (e.g., Multi-Protocol Gateway) >> The list of available services will be displayed >> Click the name of the service to be edited.

Verify the configuration of the processing policy: Click the “…” button adjacent to the configured Processing Policy (in the case of a Web Service Proxy, click the “Policy” processing policy tab) >> The processing policy is displayed >> Select the rule to be edited by clicking the “Rule Name” >> Ensure there is a Validate action on the rule and that the Validate action contains the appropriate schema to check the message against.

If these items have not been configured, this is a finding.

Documentable

False

Severity Override Guidance

Review the processing policy for all flows to ensure they contain Validate actions for requests and responses.

Log on to the WebGUI as a Privileged Account User >> Open the service to be modified: From the Control Panel, select the type of service to be edited (e.g., Multi-Protocol Gateway) >> The list of available services will be displayed >> Click the name of the service to be edited.

Verify the configuration of the processing policy: Click the “…” button adjacent to the configured Processing Policy (in the case of a Web Service Proxy, click the “Policy” processing policy tab) >> The processing policy is displayed >> Select the rule to be edited by clicking the “Rule Name” >> Ensure there is a Validate action on the rule and that the Validate action contains the appropriate schema to check the message against.

If these items have not been configured, this is a finding.

Check Content Reference

M

Target Key

2859

Comments