Checklist Summary:

The Computer Associates (CA) Application Programming Interface (API) Gateway Security Technical Implementation Guides (STIGs) provide technical security policies, requirements, and implementation details for applying security concepts to a gateway combining policy management and central policy enforcement. This Network Device Management (NDM) STIG contains the requirements necessary to secure the management plane of the CA API Gateway servers and is based on the NDM Security Requirements Guide (SRG). The CA API Gateway enables an enterprise solution for backend data and applications integrating with existing Identity Access Management (IAM) solutions. The Gateway includes a built-in Public Key Infrastructure (PKI) engine, FIPS 140-2 level encryption, and Security Assertion Markup Language (SAML) support. The Gateway form factors within scope of this STIG are the network device and virtual appliance running on the Red Hat Enterprise Linux (RHEL) operating system.

Checklist Role:

• Business Productivity Application

Known Issues:

Not provided.

Target Audience:

Not provided.

Target Operational Environment:

• Managed
• Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

DoD Instruction (DoDI) 8500.01

Comments/Warnings/Miscellaneous:

Not provided.

Disclaimer:

Not provided.

Product Support:

Not provided.

Point of Contact:

disa.stig_spt@mail.mil

Sponsor:

Not provided.

Licensing:

Not provided.

Change History:

updated to FINAL - 12/07/2016
Updated CA API Gateway ALG to Version 1, Release 2 - 04/28/2017
Updated to FINAL - 05/30/2017
null
Updated URL to reflect change to the DISA website - http --> https
Updated URLs - 6/5/19
Updated Version, Resources, References, SHA and Status - 08/08/2024

Dependency/Requirements:

URL	Description

References:

Reference URL	Description

NIST checklist record last modified on 08/08/2024