Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
CA API Gateway ALG Security Technical Implementation Guide
SRG-NET-000131-ALG-000086
SRG-NET-000131-ALG-000086
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
SRG-NET-000131-ALG-000086
1 Rule
<GroupDescription></GroupDescription>
The CA API Gateway must be configured to remove or disable unrelated or unneeded application proxy services.
Medium Severity
<VulnDiscussion>Unrelated or unneeded proxy services increase the attack vector and add excessive complexity to the securing of the ALG. Multiple application proxies can be installed on many ALGs. However, proxy types must be limited to related functions. At a minimum, the web and email gateway represent different security domains/trust levels. Organizations should also consider separation of gateways that service the DMZ and the trusted network. The CA API Gateway allows administrators to register only the necessary services that require reverse proxy to the internal organization’s network. All other services must not be enabled on the CA API Gateway until registered and assigned the appropriate amount of security policy to meet the organization's requirements.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>