Free DISA STIG and SRG Library | Vaulted

V-71563

The CA API Gateway must generate audit records when successful/unsuccessful logon attempts occur.

Finding ID: CAGW-DM-000320
Rule ID: SV-86187r1_rule
Severity: Cat II
CCE: (None)
Group Title: SRG-APP-000503-NDM-000320
CCI: CCI-000172
Target Key: (None)
Documentable: No

Discussion
Discussion

Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit records can be generated from various components within the network device (e.g., module or policy filter).

Fix Text

Obtain a copy of the appropriate audit package RPM file from CA Support and install it using RPM:

    rpm -i "RPMFILE"

Check Content

Confirm the CA API Gateway file "/etc/audit/audit.rules" is the file as distributed, using the command:

    rpm -Vf /etc/audit/audit.rules

If the string returned contains a "5" (ok: .......T., failure: S.5....T.), this is a finding.
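Added example, not part of the STIG or of CA's tooling: a shell function that reads the output of the check command and evaluates only the "/etc/audit/audit.rules" line, testing the third flag character (the digest flag) instead of searching the whole output for a "5". "rpm -Vf" verifies every file in the owning package, so a "5" in another file's path would otherwise be matched. The verdict names, the handling of "missing" and "?", and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `rpm -Vf /etc/audit/audit.rules` output on stdin and
# prints one verdict for that file. Verdict names are this example's own.
RULES=/etc/audit/audit.rules

audit_rules_verdict() {
    awk -v target="$RULES" '
        # rpm -Vf lists every changed file in the owning package;
        # skip lines whose path (last field) is not the rules file.
        $NF != target { next }
        {
            seen = 1
            flags = $1                       # e.g. "S.5....T." or "missing"
            digest = substr(flags, 3, 1)     # third character = digest test
            if (flags == "missing")  verdict = "missing"        # assumption
            else if (digest == "5")  verdict = "finding"
            else if (digest == "?")  verdict = "unreadable"     # assumption
            else                     verdict = "not_a_finding"
        }
        # rpm prints nothing for a file that passes every test.
        END { print (seen ? verdict : "not_a_finding") }
    '
}

# Constructed sample lines (not captured from a real gateway).
demo() {
    for line in \
        '.......T.  c /etc/audit/audit.rules' \
        'S.5....T.  c /etc/audit/audit.rules' \
        '.......T.    /usr/share/doc/example-5/README'
    do
        printf '%-50s -> %s\n' "$line" \
            "$(printf '%s\n' "$line" | audit_rules_verdict)"
    done
}

# Run against the live system only when asked: ./check.sh --live
if [ "${1:-}" = "--live" ]; then
    rpm -Vf "$RULES" | audit_rules_verdict
elif [ "${1:-}" = "--demo" ]; then
    demo
fi
```

Lines for other files in the same package are ignored by this function, so review them separately if the whole package's integrity matters.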