The CA API Gateway must off-load audit records onto a centralized log server.

From CA API Gateway ALG Security Technical Implementation Guide

Associated with: CCI-001851

SV-86051r1_rule The CA API Gateway must off-load audit records onto a centralized log server.

Vulnerability discussion

Information stored in one location is vulnerable to accidental or incidental deletion or alteration.Off-loading is a common process in information systems with limited audit storage capacity.The CA API Gateway must include a method for off-loading audit records onto a centralized log server, including External Audit Stores and Centralized Syslog Servers.

Check content

By default, audit records are created locally on the CA API Gateway Server and will need to be configured for off-loading using the External Audit Store Wizard or by specifying to send them to a Syslog server via TCP, UDP, or SSL. If they are not, this is a finding.

Fix text

Open the CA API Gateway - Policy Manager. Select "Tasks" and chose "Manage Log/Audit Sinks". Double-click the "ssg" log and change the "Type:" to "Syslog". Click "Syslog Settings" and specify the settings for the Centralized Syslog Server as defined by the organization.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.