The DataPower Gateway providing content filtering must generate a log record when unauthorized network services are detected.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-65285 | WSDP-AG-000109 | SV-79775r1_rule | CCI-002684 | medium |
| Description | ||||
| Unauthorized or unapproved network services lack organizational verification or validation and therefore may be unreliable or serve as malicious rogues for valid services. Examples of network services include service-oriented architectures (SOAs), cloud-based services (e.g., infrastructure as a service, platform as a service, or software as a service), cross-domain, Voice Over Internet Protocol, Instant Messaging, auto-execute, and file sharing. | ||||
| STIG | Date | |||
| IBM DataPower ALG Security Technical Implementation Guide | 2016-01-21 | |||
Related Frameworks
2 paths across 2 frameworks
Related Frameworks
NIST 800-531 mapping
SI-4(22)
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI1 mapping
CCI-002684
1.00
- DISA · V1R1 · disa_xccdf · related
Details
Check Text (C-79775r1_chk)
Using the WebGUI, go to Network >> Management >> Web Management Service. Verify that the "WS-Management endpoint" checkbox is checked and that an IP and port for the WS-Management endpoint to connect to is configured.
If the WS-Management endpoint is not enabled (checked) or not configured, this is a finding.
Fix Text (F-71225r1_fix)
Using the WebGUI, go to Network >> Management >> Web Management Service. Check the "WS-Management endpoint" checkbox. Configure an IP and port for the WS-Management endpoint to connect to.