ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
PAM Audit Evidence Assistance
Article ID: 106926
CA Privileged Access Manager - Cloakware Password Authority (PA)PAM SAFENET LUNA HSMCA Privileged Access Manager (PAM)
An audit team may ask for to proof that CA PAM is not vulnerable. Here is some information that will help to satisfy the auditors.
Release: Component: CAPAMX
The PAM online documentation, e.g. at https://docops.ca.com/ca-privileged-access-manager/3-2-2/EN/implementing/protect-privileged-account-credentials/default-ports-for-credential-manager, contains information about the various ports used by PAM. Below are 3 options for checking PAM:
1. You can run a vulnerability analysis tool, like qualys. 2. You can use an SSL checker, like Symantec. 3. You can run a web application tool like webinspect.
A 3rd party tool would probably be preferred by the audit team. The results are more likely to be believed if they come from an independent party.