STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to CA API Gateway NDM Security Technical Implementation Guide

V-255527

CAT II (Medium)

The CA API Gateway must employ automated mechanisms to detect the addition of unauthorized components or devices.

Rule ID

SV-255527r961863_rule

STIG

CA API Gateway NDM Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000366, CCI-000416

Discussion

This requirement addresses configuration management of the network device. The network device must automatically detect the installation of unauthorized software or hardware onto the device itself. Monitoring may be accomplished on an ongoing basis or by periodic monitoring. Automated mechanisms can be implemented within the network device and/or in another separate information system or device. If the addition of unauthorized components or devices is not automatically detected, then such components or devices could be used for malicious purposes, such as transferring sensitive data to removable media for compromise.

Check Content

Verify "/etc/modprobe.d/ssg-harden.conf" contents are:

install dccp /bin/false
install sctp /bin/false
install rds /bin/false
install tipc /bin/false
install net-pf-31 /bin/false
install bluetooth /bin/false
install usb-storage /bin/false
options ipv6 disable=1

If the "/etc/modprobe.d/ssg-harden.conf" contents do not contain the above, this is a finding.

Fix Text

Set contents of "/etc/modprobe.d/ssg-harden.conf" file to:

install dccp /bin/false
install sctp /bin/false
install rds /bin/false
install tipc /bin/false
install net-pf-31 /bin/false
install bluetooth /bin/false
install usb-storage /bin/false
options ipv6 disable=1