Free DISA STIG and SRG Library | Vaulted

V-71565

The CA API Gateway must generate audit records showing starting and ending time for administrator access to the system.

Finding ID: CAGW-DM-000330
Rule ID: SV-86189r1_rule
Severity: Cat II
CCE: (None)
Group Title: SRG-APP-000505-NDM-000322
CCI: CCI-000172
Target Key: (None)
Documentable: No
Discussion

Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit records can be generated from various components within the network device (e.g., module or policy filter).

Fix Text

Obtain a copy of the appropriate audit package RPM file from CA Support and install it using RPM: rpm -i "RPMFILE"

Check Content

Confirm the CA API Gateway file "/etc/audit/audit.rules" is the file as distributed using command:

rpm -Vf /etc/audit/audit.rules

If the string returned contains a "5" (ok: .......T., failure: S.5....T.), this is a finding.
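One way to script the check above, as an added example that is not part of the STIG text or CA's tooling: because "rpm -Vf" verifies every file in the owning package, the function reads only the line for the target path and tests the third flag character (the digest position) rather than searching the whole output for a "5". The function name, the verdict strings and the second path in the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify `rpm -V` output for one file.
# Each output line is a 9-character flag string, an optional one-letter
# marker (c, d, g, l, r) and the path. Position 3 of the flag string is "5"
# when the file digest differs from the package database, "." when it
# matches and "?" when the test could not be performed.

# audit_rules_verdict PATH
# Reads `rpm -V`-style lines on stdin and prints one verdict for PATH:
#   ok            no line for PATH, or digest position is "."
#   finding       digest position is "5" (content differs from the package)
#   unverifiable  digest position is "?" (rpm could not read the file)
#   missing       rpm reports the file as missing
# Treating "missing" and "unverifiable" as separate verdicts is an assumption;
# the STIG check only defines the "5" case as a finding.
# Assumes PATH contains no whitespace, as with /etc/audit/audit.rules.
audit_rules_verdict() {
    awk -v target="$1" '
        $NF == target {
            if ($1 == "missing") {
                verdict = "missing"
            } else {
                digest = substr($1, 3, 1)
                if (digest == "5")      verdict = "finding"
                else if (digest == "?") verdict = "unverifiable"
                else                    verdict = "ok"
            }
        }
        # rpm -V prints nothing for a file that verifies cleanly.
        END { print (verdict == "" ? "ok" : verdict) }'
}

# Constructed sample output (not captured from a real gateway).
# The second path is hypothetical and contains a "5" in both flags and name.
SAMPLE_CLEAN='.......T.  c /etc/audit/audit.rules
S.5....T.  c /etc/constructed/other5.conf'
SAMPLE_MODIFIED='S.5....T.  c /etc/audit/audit.rules'

# Live use on the gateway:
#   rpm -Vf /etc/audit/audit.rules | audit_rules_verdict /etc/audit/audit.rules
printf '%s\n' "$SAMPLE_CLEAN"    | audit_rules_verdict /etc/audit/audit.rules
printf '%s\n' "$SAMPLE_MODIFIED" | audit_rules_verdict /etc/audit/audit.rules
```

With SAMPLE_CLEAN a plain search for "5" would report a finding because of the other file in the package, while the per-path check reports the audit rules file as unchanged.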