SV-86019r1_rule
V-71395
SRG-NET-000318-ALG-000014
CAGW-GW-000530
CAT II
10
Open the CA API Gateway - Policy Manager.
Double-click on the Registered Services that do not have the "Protect Against SQL Attacks" and "Protect Against Code Injection" Threat Protection Assertions added to their policies and add them from the list of Assertions.
Chose from the list of available protections for the Assertions to meet the appropriate organizational requirement.
Open the CA API Gateway - Policy Manager.
Double-click all Registered Services that access a protected database and verify the "Protect Against SQL Attacks" and "Protect Against Code Injection" Threat Protection Assertions are included as part of the policies.
If they are not included, this is a finding.
V-71395
False
CAGW-GW-000530
Open the CA API Gateway - Policy Manager.
Double-click all Registered Services that access a protected database and verify the "Protect Against SQL Attacks" and "Protect Against Code Injection" Threat Protection Assertions are included as part of the policies.
If they are not included, this is a finding.
M
3049