The CA API Gateway providing user access control intermediary services must generate audit records when successful/unsuccessful logon attempts occur.
An XCCDF Rule
Description
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit records can be generated from various components within the information system (e.g., module or policy filter). This requirement applies to the ALG traffic management functions, such as content filtering or intermediary services. This does not apply to audit logs generated on behalf of the device (device management). The CA API Gateway by default audits when unsuccessful attempts to log on to a Registered Service or the Gateway occur. To enable the auditing of successful events, the log level on the Gateway must be increased to INFO, as by default it is set to WARNING, which only audits events that may be considered an issue.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-86093r1_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Open the CA API Gateway - Policy Manager.
If a Global Policy is not set for the system, create one by selecting "Tasks" from the main menu and choosing "Create Policy".
Give the policy a name and select "Global Policy Fragment" from the Policy Type drop-down menu.