UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The CA API Gateway must off-load audit records onto a centralized log server.


Overview

Finding ID Version Rule ID IA Controls Severity
V-71427 CAGW-GW-000590 SV-86051r1_rule Medium
Description
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. The CA API Gateway must include a method for off-loading audit records onto a centralized log server, including External Audit Stores and Centralized Syslog Servers.
STIG Date
CA API Gateway ALG Security Technical Implementation Guide 2017-04-07

Details

Check Text ( C-71817r1_chk )
By default, audit records are created locally on the CA API Gateway Server and will need to be configured for off-loading using the External Audit Store Wizard or by specifying to send them to a Syslog server via TCP, UDP, or SSL.

If they are not, this is a finding.
Fix Text (F-77745r1_fix)
Open the CA API Gateway - Policy Manager.

Select "Tasks" and chose "Manage Log/Audit Sinks".

Double-click the "ssg" log and change the "Type:" to "Syslog".

Click "Syslog Settings" and specify the settings for the Centralized Syslog Server as defined by the organization.