Skip to content
Log In

CA API Gateway NDM Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000515-NDM-000325

    Group
    Show

  • SRG-APP-000516-NDM-000339

    Group
    Show

  • The CA API Gateway must employ automated mechanisms to detect the addition of unauthorized components or devices.

    This requirement addresses configuration management of the network device. The network device must automatically detect the installation of unauthorized software or hardware onto the device itself....
    Rule Medium Severity
    Show

  • SRG-APP-000516-NDM-000317

    Group
    Show

  • The CA API Gateway must be installed on Red Hat Enterprise Linux (RHEL) Version 6.7 or higher.

    The API Gateway (Appliance version) depends on specific RHEL capabilities for the security, logging, and auditing subsystems. Installation on alternative or older RHEL versions may create vulnerabi...
    Rule High Severity
    Show

  • The CA API Gateway must employ RADIUS + LDAPS or LDAPS to centrally manage authentication settings.

    The use of authentication servers or other centralized management servers for providing centralized authentication services is required for network device management. Maintaining local administrato...
    Rule Medium Severity
    Show

  • The CA API Gateway must shut down by default upon audit failure (unless availability is an overriding concern).

    It is critical that when the network device is at risk of failing to process audit logs as required, it take action to mitigate the failure. Audit processing failures include: software/hardware err...
    Rule Medium Severity
    Show

  • In the event the authentication server is unavailable, there must be one local account of last resort.

    Authentication for administrative (privileged-level) access to the device is required at all times. An account can be created on the device's local database for use in an emergency, such as when th...
    Rule Medium Severity
    Show

  • The CA API Gateway must enforce a minimum 15-character password length.

    Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one factor of several that helps to d...
    Rule Medium Severity
    Show

  • If multifactor authentication is not supported and passwords must be used, the CA API Gateway must require that when a password is changed, the characters are changed in at least 8 of the positions within the password.

    If the application allows the user to consecutively reuse extensive portions of passwords, this increases the chances of password compromise by increasing the window of opportunity for attempts at ...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules