The CA API Gateway must employ automated mechanisms to detect the addition of unauthorized components or devices.

An XCCDF Rule

Description

<VulnDiscussion>This requirement addresses configuration management of the network device. The network device must automatically detect the installation of unauthorized software or hardware onto the device itself. Monitoring may be accomplished on an ongoing basis or by periodic monitoring. Automated mechanisms can be implemented within the network device and/or in another separate information system or device. If the addition of unauthorized components or devices is not automatically detected, then such components or devices could be used for malicious purposes, such as transferring sensitive data to removable media for compromise.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-86199r1_rule
Severity: Medium
References: CCI-000366 CCI-000416
Updated: about 1 year ago

Set contents of "/etc/modprobe.d/ssg-harden.conf" file to:

install dccp /bin/false
install sctp /bin/false
install rds /bin/false
install tipc /bin/falseinstall net-pf-31 /bin/false
install bluetooth /bin/false
install usb-storage /bin/false
options ipv6 disable=1

The CA API Gateway must employ automated mechanisms to detect the addition of unauthorized components or devices.

Description

Remediation - Manual Procedure