V-274533
Application Programming Interface (API) Security Requirements Guide
Title
The API Gateway must audit request and response details (such as method, URL, headers, body, status, etc.).
Description
<VulnDiscussion>The API Gateway must audit request and response details to ensure robust security, efficient troubleshooting, and compliance with regulations. As the central point for handling incoming traffic, the gateway is responsible for managing authentication, authorization, routing, and applying policies across all services. By auditing request and response details, the gateway can monitor for potential security threats, such as unauthorized access attempts, data tampering, or malicious a...
Fix Text (Documentation Requirement)
Build or configure the API Gateway to log the necessary request and response details such as method, URL, headers, body, status, etc.
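
One way to meet this requirement in code, shown as an added example that is not part of the SRG text or any vendor's gateway: a Python WSGI middleware that records method, URL, headers, body and status for each request/response pair as one JSON line. The names AuditMiddleware, sink and max_body, the body size cap and the masking of credential-bearing headers are assumptions of this example.

```python
import io
import json
import time

REDACT = {"authorization", "cookie", "set-cookie"}  # assumption: mask credentials

class AuditMiddleware:
    """WSGI wrapper that emits one JSON audit record per request/response pair."""

    def __init__(self, app, sink, max_body=4096):
        self.app, self.sink, self.max_body = app, sink, max_body

    def _text(self, data):  # cap stored bodies so large payloads cannot flood the log
        return data[: self.max_body].decode("utf-8", errors="replace")

    def _mask(self, headers):
        return {k: "[REDACTED]" if k.lower() in REDACT else v for k, v in headers.items()}

    def __call__(self, environ, start_response):
        # Read the request body once, then give the application a fresh stream.
        length = int(environ.get("CONTENT_LENGTH") or 0)
        req_body = environ["wsgi.input"].read(length) if length else b""
        environ["wsgi.input"] = io.BytesIO(req_body)
        req_headers = {k[5:].replace("_", "-").title(): v
                       for k, v in environ.items() if k.startswith("HTTP_")}
        captured = {}

        def recording_start_response(status, resp_headers, exc_info=None):
            captured.update(status=status, headers=list(resp_headers))
            return start_response(status, resp_headers, exc_info)

        result = self.app(environ, recording_start_response)
        try:
            chunks = list(result)  # buffer the response so it can be audited
        finally:
            if hasattr(result, "close"):
                result.close()
        query = environ.get("QUERY_STRING", "")
        self.sink(json.dumps({
            "time": time.time(),
            "method": environ["REQUEST_METHOD"],
            "url": environ.get("PATH_INFO", "") + ("?" + query if query else ""),
            "request_headers": self._mask(req_headers),
            "request_body": self._text(req_body),
            "status": int(captured["status"].split()[0]),
            "response_headers": self._mask(dict(captured["headers"])),
            "response_body": self._text(b"".join(chunks)),
        }))
        return chunks
```

The sink is any callable that accepts one string, such as the info method of a logger bound to the audit log.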