Skip to content
Catalogs
XCCDF
CA API Gateway ALG Security Technical Implementation Guide
SRG-NET-000079-ALG-000048
The CA API Gateway must generate audit records containing information to establish the identity of any individual or process associated with the event.
The CA API Gateway must generate audit records containing information to establish the identity of any individual or process associated with the event. An XCCDF Rule
The CA API Gateway must generate audit records containing information to establish the identity of any individual or process associated with the event.
Medium Severity
<VulnDiscussion>Without information that establishes the identity of the subjects (i.e., users or processes acting on behalf of users) associated with the events, security personnel cannot determine responsibility for the potentially harmful event.
Associating information about where the event occurred within the network provides a means of investigating an attack, recognizing resource utilization or capacity thresholds, or identifying an improperly configured network element.
The CA API Gateway must have the "Audit Messages in Policy" Assertion added to all policies.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>