STIGQter: STIG Summary: CA API Gateway NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 19 Sep 2016:

The CA API Gateway must employ automated mechanisms to detect the addition of unauthorized components or devices.

DISA Rule

SV-86199r1_rule

Vulnerability Number

V-71575

Group Title

SRG-APP-000516-NDM-000339

Rule Version

CAGW-DM-000370

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.
CCI-000416 - The organization employs automated mechanisms, per organization-defined frequency, to detect the presence of unauthorized hardware, software, and firmware components within the information system.

Weight

Fix Recommendation

Set contents of "/etc/modprobe.d/ssg-harden.conf" file to:

install dccp /bin/false
install sctp /bin/false
install rds /bin/false
install tipc /bin/false
install net-pf-31 /bin/false
install bluetooth /bin/false
install usb-storage /bin/false
options ipv6 disable=1

Check Contents

Verify "/etc/modprobe.d/ssg-harden.conf" contents are:

install dccp /bin/false
install sctp /bin/false
install rds /bin/false
install tipc /bin/false
install net-pf-31 /bin/false
install bluetooth /bin/false
install usb-storage /bin/false
options ipv6 disable=1

If the "/etc/modprobe.d/ssg-harden.conf" contents do not contain the above, this is a finding.

The CA API Gateway must employ automated mechanisms to detect the addition of unauthorized components or devices.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments