SV-85991r1_rule
V-71367
SRG-NET-000228-ALG-000108
CAGW-GW-000390
CAT II
10
Open the CA API Gateway - Policy Manager.
Double-click on the Registered Services that did not have the "Protect Against SQL Attacks" and "Protect Against Code Injection" Threat Protection Assertions added to their policies and add them from the list of Assertions.
Chose from the list of available protections for the Assertions to meet the appropriate organizational requirement for protection against unusual mobile code activity.
Open the CA API Gateway - Policy Manager.
Double-click all Registered Services that require protection from unusual mobile code activity and verify the "Protect Against SQL Attacks" and "Protect Against Code Injection" Threat Protection Assertions are included as part of the policies.
If they are not included, this is a finding.
V-71367
False
CAGW-GW-000390
Open the CA API Gateway - Policy Manager.
Double-click all Registered Services that require protection from unusual mobile code activity and verify the "Protect Against SQL Attacks" and "Protect Against Code Injection" Threat Protection Assertions are included as part of the policies.
If they are not included, this is a finding.
M
3049