STIGQter: STIG Summary: CA API Gateway ALG Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 28 Apr 2017:

The CA API Gateway must check the validity of all data inputs except those specifically identified by the organization.

DISA Rule

SV-86089r1_rule

Vulnerability Number

V-71465

Group Title

SRG-NET-000401-ALG-000127

Rule Version

CAGW-GW-000840

Severity

CAT II

CCI(s)

• CCI-001310 - The information system checks the validity of organization-defined inputs.

Weight

10

Fix Recommendation

Open the CA API Gateway - Policy Manager and double-click each of the Registered Services required to validate inputs that do not include a "Validate XML Schema" or Validate JSON Schema" Assertion.

Add either the "Validate XML Schema" or "Validate JSON Schema" Assertions and configure in accordance with organizational requirements.

Check Contents

Open the CA API Gateway - Policy Manager and double-click all Registered Services required to validate inputs.

Verify that either the "Validate XML Schema" or "Validate JSON Schema" Assertions have been added to the policies and that they have been configured in accordance with organizational requirements.

If they have not, this is a finding.

Vulnerability Number

V-71465

Documentable

False

Rule Version

CAGW-GW-000840

Severity Override Guidance

Open the CA API Gateway - Policy Manager and double-click all Registered Services required to validate inputs.

Verify that either the "Validate XML Schema" or "Validate JSON Schema" Assertions have been added to the policies and that they have been configured in accordance with organizational requirements.

If they have not, this is a finding.

Check Content Reference

M

Target Key

3049

Comments