STIGQter: STIG Summary: CA API Gateway ALG Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 28 Apr 2017:

The CA API Gateway providing user access control intermediary services must retain the Standard Mandatory DoD-approved Notice and Consent Banner on the screen until users acknowledge the usage conditions and take explicit actions to log on for further access.

DISA Rule

SV-85915r1_rule

Vulnerability Number

V-71291

Group Title

SRG-NET-000042-ALG-000023

Rule Version

CAGW-GW-000140

Severity

CAT II

CCI(s)

• CCI-000050 - The information system retains the notification message or banner on the screen until users acknowledge the usage conditions and take explicit actions to log on to or further access the information system.

Weight

10

Fix Recommendation

Open the CA API Gateway - Policy Manager and create a Registered Service that includes a "Return Template Response" Assertion displaying the Standard Mandatory DoD-approved Notice and Consent Banner.

Add additional policy Assertions to check for whether the banner was acknowledged or not and grant access accordingly to the logon page.

For more details, refer to the "Layer 7 Policy Authoring User Manual".

Check Contents

Open the CA API Gateway - Policy Manager and verify a Registered Service is present for displaying the Standard Mandatory DoD-approved Notice and Consent Banner.

If the Registered Service is not present, this is a finding.

Vulnerability Number

V-71291

Documentable

False

Rule Version

CAGW-GW-000140

Severity Override Guidance

Open the CA API Gateway - Policy Manager and verify a Registered Service is present for displaying the Standard Mandatory DoD-approved Notice and Consent Banner.

If the Registered Service is not present, this is a finding.

Check Content Reference

M

Target Key

3049

Comments