STIGQter: STIG Summary: CA API Gateway NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 19 Sep 2016:

The CA API Gateway must employ automated mechanisms to assist in the tracking of security incidents.

DISA Rule

SV-86197r1_rule

Vulnerability Number

V-71573

Group Title

SRG-APP-000516-NDM-000342

Rule Version

CAGW-DM-000400

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-000833 - The organization employs automated mechanisms to assist in the tracking of security incidents.

Weight

10

Fix Recommendation

Configure the CA API Gateway to forward all log audit log messages to the central log server.

- Log in to CA API Gateway as root.
- Open "/etc/rsyslog.conf" for editing.
- Add a rule "*.* @@loghost.log.com" to the ruleset section of the rsyslogd.conf file.

Check Contents

Verify the CA API Gateway forwards all log audit log messages to the central log server.

Within the "/etc/rsyslog.conf" file, confirm a rule in the format "*.* @@loghost.log.com" is in the ruleset section.

If the CA API Gateway "/etc/rsyslog.conf" file does not have a rule in the format "*.* @@loghost.log.com" in the ruleset section, this is a finding.

Vulnerability Number

V-71573

Documentable

False

Rule Version

CAGW-DM-000400

Severity Override Guidance

Verify the CA API Gateway forwards all log audit log messages to the central log server.

Within the "/etc/rsyslog.conf" file, confirm a rule in the format "*.* @@loghost.log.com" is in the ruleset section.

If the CA API Gateway "/etc/rsyslog.conf" file does not have a rule in the format "*.* @@loghost.log.com" in the ruleset section, this is a finding.

Check Content Reference

M

Target Key

3051

Comments