
The CA API Gateway must off-load audit records onto a centralized log server.


Overview

Finding ID: V-71427
Version: CAGW-GW-000590
Rule ID: SV-86051r1_rule
IA Controls: (none)
Severity: Medium
Description
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. The CA API Gateway must include a method for off-loading audit records onto a centralized log server, including External Audit Stores and Centralized Syslog Servers.
STIG Date
CA API Gateway ALG Security Technical Implementation Guide 2017-04-07

Details

Check Text (C-71817r1_chk)
By default, audit records are created locally on the CA API Gateway Server. They must be configured for off-loading, either by using the External Audit Store Wizard or by sending them to a Syslog server via TCP, UDP, or SSL.

If audit records are not configured for off-loading, this is a finding.
Fix Text (F-77745r1_fix)
Open the CA API Gateway - Policy Manager.

Select "Tasks" and choose "Manage Log/Audit Sinks".

Double-click the "ssg" log and change the "Type:" to "Syslog".

Click "Syslog Settings" and specify the settings for the Centralized Syslog Server as defined by the organization.