PAM Audit Evidence Assistance


Article ID: 106926


Products

CA Privileged Access Manager - Cloakware Password Authority (PA); PAM SAFENET LUNA HSM; CA Privileged Access Manager (PAM)

Issue/Introduction

An audit team may ask for proof that CA PAM is not vulnerable. Here is some information that will help to satisfy the auditors.

Environment

Release:
Component: CAPAMX

Resolution

The PAM online documentation, e.g. at https://docops.ca.com/ca-privileged-access-manager/3-2-2/EN/implementing/protect-privileged-account-credentials/default-ports-for-credential-manager, contains information about the various ports used by PAM. Below are 3 options for checking PAM:

1. You can run a vulnerability analysis tool, like Qualys.
2. You can use an SSL checker, like Symantec.
3. You can run a web application tool like WebInspect.

A third-party tool would probably be preferred by the audit team. The results are more likely to be believed if they come from an independent party.