The CA API Gateway providing content filtering must block malicious code upon detection.
An XCCDF Rule
Description
<VulnDiscussion>Taking an appropriate action based on local organizational incident handling procedures minimizes the impact of malicious code on the network. The CA API Gateway must be configured to integrate with an ICAP enabled Intrusion Detection System such as McAfee, Sophos, or Symantec. These systems must be configured in accordance with organizational requirements, which must include the blocking of malicious code once detected.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-86003r1_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Open the CA API Gateway - Policy Manager and double-click any of the Registered Services that did not have the "Scan Using ICAP-Enabled Antivirus" Assertion.
Add the "Scan Using ICAP-Enabled Antivirus" Assertion, configure the parameters for the Assertion in accordance with organizational requirements, and click the "Save and Activate" button.
If the organization requires that all Registered Services require the ability to block malicious code upon detection, consider adding the "Scan Using ICAP-Enabled Antivirus" Assertion to a Global Policy to meet this requirement.