V-237351

CAT II (Medium)

The CA API Gateway that provides intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52.

Rule ID

SV-237351r643603_rule

STIG

CA API Gateway ALG Security Technical Implementation Guide

Version

V1R3

CCIs

CCI-000068

Discussion

SP 800-52 provides guidance on using the most secure version and configuration of the TLS/SSL protocol. Using older unauthorized versions or incorrectly configuring protocol negotiation makes the Gateway vulnerable to known and unknown attacks that exploit vulnerabilities in this protocol. SP 800-52 sets TLS version 1.1 as a minimum version; thus, all versions of SSL are not allowed (including for client negotiation) on either DoD-only or public-facing servers. The CA API Gateway must be configured to use FIPS-140 cryptographic algorithms to meet the NIST SP 800-52 TLS settings.

Check Content

Open the CA API Gateway - Policy Manager. 

Select "Manage Cluster-Wide Properties" from the "Tasks" menu. 

If the "security.fips.enabled" property is not listed or is set to false, this is a finding.

Fix Text

Open the CA API Gateway - Policy Manager.

Select "Manage Cluster-Wide Properties" from the "Tasks" menu. 

Click "Add" and select "security.fips.enabled" from the "Key:" drop-down list. 

Set the value to "true" and click "OK".