STIGQter: STIG Summary: CA API Gateway ALG Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 28 Apr 2017:

The CA API Gateway must protect audit information from unauthorized deletion.

DISA Rule

SV-85963r1_rule

Vulnerability Number

V-71339

Group Title

SRG-NET-000100-ALG-000058

Rule Version

CAGW-GW-000250

Severity

CAT II

CCI(s)

• CCI-000164 - The information system protects audit information from unauthorized deletion.

Weight

10

Fix Recommendation

Open the CA API Gateway - Policy Manager as an administrator.

Select "Tasks" from the main menu and chose "Manage Roles".

Select the "View Audit Records" Role and Add/Assign the users that are authorized to view the audited events as per organizational policy.

Check Contents

Open the CA API Gateway - Policy Manager.

Select "Tasks" from the main menu and choose "Manage Roles".

Verify that only authorized users have been given the "View Audit Records" role.

If unauthorized users are granted this role, this is a finding.

Vulnerability Number

V-71339

Documentable

False

Rule Version

CAGW-GW-000250

Severity Override Guidance

Open the CA API Gateway - Policy Manager.

Select "Tasks" from the main menu and choose "Manage Roles".

Verify that only authorized users have been given the "View Audit Records" role.

If unauthorized users are granted this role, this is a finding.

Check Content Reference

M

Target Key

3049

Comments