STIGQter: STIG Summary: CA API Gateway ALG Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 28 Apr 2017:

The CA API Gateway must protect the authenticity of communications sessions.

DISA Rule

SV-85993r1_rule

Vulnerability Number

V-71369

Group Title

SRG-NET-000230-ALG-000113

Rule Version

CAGW-GW-000400

Severity

CAT II

CCI(s)

• CCI-001184 - The information system protects the authenticity of communications sessions.

Weight

10

Fix Recommendation

Open the CA API Gateway - Policy Manager and double-click any of the Registered Services that do not have the "Require SSL or TLS Transport with Client Certificate Authentication" Assertion.

Optionally, if a Global Policy has been set, double-click that policy to inspect the contents.

Add the "Require SSL or TLS Transport with Client Certificate Authentication" Assertion to the policy and click "Save and Activate".

Check Contents

Open the CA API Gateway - Policy Manager and double-click any of the Registered Services that require the protection of communications sessions or mutual authentication.

Optionally, if a Global Policy has been set, double-click that policy to inspect the contents.

If the "Require SSL or TLS Transport with Client Certificate Authentication" Assertion is not present, this is a finding.

Vulnerability Number

V-71369

Documentable

False

Rule Version

CAGW-GW-000400

Severity Override Guidance

Open the CA API Gateway - Policy Manager and double-click any of the Registered Services that require the protection of communications sessions or mutual authentication.

Optionally, if a Global Policy has been set, double-click that policy to inspect the contents.

If the "Require SSL or TLS Transport with Client Certificate Authentication" Assertion is not present, this is a finding.

Check Content Reference

M

Target Key

3049

Comments