An audit team may ask for proof that CA PAM is not vulnerable. Here is some information that will help to satisfy the auditors.
Environment
Release: Component: CAPAMX
Resolution
The PAM online documentation, e.g. at https://docops.ca.com/ca-privileged-access-manager/3-2-2/EN/implementing/protect-privileged-account-credentials/default-ports-for-credential-manager, contains information about the various ports used by PAM. Below are 3 options for checking PAM:
1. You can run a vulnerability analysis tool, like Qualys.
2. You can use an SSL checker, like Symantec.
3. You can run a web application tool, like WebInspect.
A third-party tool would probably be preferred by the audit team. The results are more likely to be believed if they come from an independent party.