STIGQter: STIG Summary: CA API Gateway ALG Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 28 Apr 2017

The CA API Gateway providing user authentication intermediary services must restrict user authentication traffic to specific authentication server(s).

DISA Rule

SV-85977r1_rule

Vulnerability Number

V-71353

Group Title

SRG-NET-000138-ALG-000089

Rule Version

CAGW-GW-000320

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Open the CA API Gateway - Policy Manager.

Select the "Identity Providers" tab, right-click a Registered Identity Provider such as an LDAP Identity Provider, and select "Properties".

Add the additional "LDAP Host URLs" to the list in accordance with organizational requirements and click "Finish".

Check Contents

Open the CA API Gateway - Policy Manager.

Select the "Identity Providers" tab, right-click a Registered Identity Provider, such as an LDAP Identity Provider, and select "Properties".

Verify that a list of "LDAP Host URLs" is provided for use in authentication against this provider.

If all of the servers needed for authentication are not listed in accordance with organizational requirements, this is a finding.

Documentable

False

Check Content Reference

M

Target Key

3049
