From CA API Gateway ALG Security Technical Implementation Guide
Part of SRG-NET-000131-ALG-000086
Associated with: CCI-000381
Unrelated or unneeded proxy services increase the attack vector and add excessive complexity to the securing of the ALG. Multiple application proxies can be installed on many ALGs. However, proxy types must be limited to related functions. At a minimum, the web and email gateway represent different security domains/trust levels. Organizations should also consider separation of gateways that service the DMZ and the trusted network.
Open the CA API Gateway - Policy Manager and verify the Registered Services installed on the Gateway are only the Registered Services required by the Gateway to manage proxy services in accordance with organizational requirements. If there are other services not required by the organization or that the organization is not responsible for managing, this is a finding.
Open the CA API Gateway - Policy Manager and delete all unrelated or not needed Registered Services that are not required by the organization's CA API Gateway to manage proxy services.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer