Check: CAGW-DM-000190
CA API Gateway NDM STIG:
CAGW-DM-000190
(in version v1 r1)
Title
The CA API Gateway must activate a system alert message, send an alarm, and/or automatically shut down when a component failure is detected. (Cat II impact)
Discussion
Predictable failure prevention requires organizational planning to address device failure issues. If components key to maintaining the device's security fail to function, the device could continue operating in an insecure state. If appropriate actions are not taken when a network device failure occurs, a denial of service condition may occur which could result in mission failure since the network would be operating without a critical security monitoring and prevention function. Upon detecting a failure of network device security components, the network device must activate a system alert message, send an alarm, or shut down.
Check Content
Verify "/usr/local/bin/failtest" script exists and is executable. Verify crontab runs "/usr/local/bin/failtest" every minute by checking cron's logfile "/var/log/cron". If "/usr/local/bin/failtest" does not exist or it is not executable, this is a finding.
Fix Text
Install and configure (setup SNMP trap dest/authentication) alerter script in /usr/local/bin/failtest. Configure cron to run "/usr/local/bin/failtest" every minute as indicated by /etc/crontab entry
Additional Identifiers
Rule ID: SV-86161r1_rule
Vulnerability ID: V-71537
Group Title: SRG-APP-000268-NDM-000274
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
CCI-001328 |
The organization, if an information system component failure is detected, activates an organization-defined alarm and/or automatically shuts down the information system. |