The CA API Gateway must off-load audit records onto a centralized log server.

An XCCDF Rule

Description

<VulnDiscussion>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. The CA API Gateway must include a method for off-loading audit records onto a centralized log server, including External Audit Stores and Centralized Syslog Servers.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-86051r1_rule
Severity: Medium
References: CCI-001851
Updated: about 1 year ago

Open the CA API Gateway - Policy Manager.

Select "Tasks" and chose "Manage Log/Audit Sinks". 

Double-click the "ssg" log and change the "Type:" to "Syslog".
Click "Syslog Settings" and specify the settings for the Centralized Syslog Server as defined by the organization.

The CA API Gateway must off-load audit records onto a centralized log server.

Description

Remediation - Manual Procedure