STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to CA API Gateway NDM Security Technical Implementation Guide

V-255509

CAT II (Medium)

The CA API Gateway must activate a system alert message, send an alarm, and/or automatically shut down when a component failure is detected.

Rule ID

SV-255509r961863_rule

STIG

CA API Gateway NDM Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000366, CCI-001328

Discussion

Predictable failure prevention requires organizational planning to address device failure issues. If components key to maintaining the device's security fail to function, the device could continue operating in an insecure state. If appropriate actions are not taken when a network device failure occurs, a denial of service condition may occur which could result in mission failure since the network would be operating without a critical security monitoring and prevention function. Upon detecting a failure of network device security components, the network device must activate a system alert message, send an alarm, or shut down.

Check Content

Verify "/usr/local/bin/failtest" script exists and is executable. 

Verify crontab runs "/usr/local/bin/failtest" every minute by checking cron's logfile "/var/log/cron".

If "/usr/local/bin/failtest" does not exist or it is not executable, this is a finding.

Fix Text

Install and configure (setup SNMP trap dest/authentication) alerter script in /usr/local/bin/failtest. Configure cron to run "/usr/local/bin/failtest" every minute as indicated by /etc/crontab entry