The CA API Gateway must terminate all network connections associated with a Policy Manager session at the end of the session or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity within the Policy Manager, and for user sessions simply viewing the contents of Policy Manager or viewing Audit Logs for tracking purposes (non-privileged session), the session must be terminated after 15 minutes of inactivity.
DISA Rule
SV-85989r1_rule
Vulnerability Number
V-71365
Group Title
SRG-NET-000213-ALG-000107
Rule Version
CAGW-GW-000380
Severity
CAT II
CCI(s)
- CCI-001133 - The information system terminates the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity.
Weight
10
Fix Recommendation
Open the CA API Gateway - Policy Manager and select "Preferences" from the main menu.
Update the inactivity timeout in accordance with organizational requirements.
Check Contents
Open the CA API Gateway - Policy Manager and select "Preferences" from the main menu.
Verify the inactivity timeout is set in accordance with organizational requirements.
If it is not, this is a finding.
Documentable
False
Severity Override Guidance
Open the CA API Gateway - Policy Manager and select "Preferences" from the main menu.
Verify the inactivity timeout is set in accordance with organizational requirements.
If it is not, this is a finding.
Check Content Reference
M
Target Key
3049