STIGQter: STIG Summary: CA API Gateway NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 19 Sep 2016:

The CA API Gateway must authenticate NTP endpoint devices before establishing a network connection using bidirectional authentication that is cryptographically based.

DISA Rule

SV-86175r1_rule

Vulnerability Number

V-71551

Group Title

SRG-APP-000395-NDM-000310

Rule Version

CAGW-DM-000260

Severity

CAT III

CCI(s)

• CCI-001967 - The information system authenticates organization-defined devices and/or types of devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.

Weight

10

Fix Recommendation

Configure Gateway to use public key (autokey in NTP terminology) authentication. See: http://support.ntp.org/bin/view/Support/ConfiguringAutokey

Check Contents

Verify "server" lines in the "/etc/ntp.conf" file are all marked with "autokey". Perform the command "ntpq -p" to show peer functioning.

If the "server" lines in the "/etc/ntp.conf" file are not marked with "autokey", this is a finding.

If the command "ntpq -p" does not show peers functioning, this is a finding.

Vulnerability Number

V-71551

Documentable

False

Rule Version

CAGW-DM-000260

Severity Override Guidance

Verify "server" lines in the "/etc/ntp.conf" file are all marked with "autokey". Perform the command "ntpq -p" to show peer functioning.

If the "server" lines in the "/etc/ntp.conf" file are not marked with "autokey", this is a finding.

If the command "ntpq -p" does not show peers functioning, this is a finding.

Check Content Reference

M

Target Key

3051

Comments