Rule ID
SV-237358r643624_rule
Version
V1R3
CCIs
CCI-001493
Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit data. Network elements providing tools to interface with audit data will leverage user permissions and roles identifying the user accessing the tools and the corresponding rights the user enjoys in order to make decisions regarding access to audit tools. There is only one tool used to view audited events within the CA API Gateway. That tool is the CA API Gateway - Policy Manager. Use of this tool must be granted and policed by the organization, only allowing individuals access as needed in accordance with the organizational requirements.
Open the CA API Gateway - Policy Manager as an administrative user. Select "Tasks" from the main menu and chose "Manage Roles". Verify that only the authorized users of the tool have been granted their respective roles. If any user has not been granted the proper role(s), this is a finding.
Open the CA API Gateway - Policy Manager as an administrator. Select "Tasks" from the main menu and chose "Manage Roles". Select the "View Audit Records" Role and Add/Assign the users that are authorized to view the audited events as per organizational policy. Assign any other roles to authorized users as per organizational policy.