← Back to CA API Gateway ALG Security Technical Implementation Guide

V-237391

CAT II (Medium)

The CA API Gateway must off-load audit records onto a centralized log server.

Rule ID

SV-237391r831416_rule

STIG

CA API Gateway ALG Security Technical Implementation Guide

Version

V1R3

CCIs

CCI-001851

Discussion

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. The CA API Gateway must include a method for off-loading audit records onto a centralized log server, including External Audit Stores and Centralized Syslog Servers.

Check Content

By default, audit records are created locally on the CA API Gateway Server and will need to be configured for off-loading using the External Audit Store Wizard or by specifying to send them to a Syslog server via TCP, UDP, or SSL.

If they are not, this is a finding.

Fix Text

Open the CA API Gateway - Policy Manager.

Select "Tasks" and chose "Manage Log/Audit Sinks". 

Double-click the "ssg" log and change the "Type:" to "Syslog".

Click "Syslog Settings" and specify the settings for the Centralized Syslog Server as defined by the organization.