DISA STIGS Viewer

The DataPower Gateway providing user access control intermediary services for publicly accessible applications must display the Standard Mandatory DoD-approved Notice and Consent Banner before granting access to the system.

Overview

Finding ID: V-65199
Version: WSDP-AG-000013
Rule ID: SV-79689r1_rule
IA Controls:
Severity: Medium
Description
STIG: IBM DataPower ALG Security Technical Implementation Guide
Date: 2016-01-21

Details

Check Text (C-65827r1_chk)
For an HTTP application hosted on DataPower to display a landing page, the application designer will need to make that landing page available on the DataPower appliance or remotely accessible on a server. This landing page will be the page that the user sees, and the user will have to acknowledge this page before being redirected to the application/logon.

If the banner page does not load when first accessing an application, this is a finding.
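
One way to automate the check above, as an added example that is not part of the STIG or of IBM's tooling: given the HTML of the first page an unauthenticated user receives, it reports why that page would be a finding. The marker phrases come from the published banner wording, and the function name and sample pages are assumptions of this example.

```python
import re
from html.parser import HTMLParser

# Marker phrases from the Standard Mandatory DoD Notice and Consent Banner
# (assumed here; substitute the approved wording your site deploys).
BANNER_MARKERS = (
    "you are accessing a u.s. government (usg) information system (is)",
    "provided for usg-authorized use only",
    "you consent to the following conditions",
)

class PageScan(HTMLParser):
    """Collects visible text and notes password fields and acknowledge controls."""
    def __init__(self):
        super().__init__()
        self.text, self.has_password, self.has_ack, self._skip = [], False, False, 0

    def handle_starttag(self, tag, attrs):
        kind = (dict(attrs).get("type") or "").lower()
        if tag in ("script", "style"):
            self._skip += 1          # script/style bodies are not visible text
        elif tag == "input" and kind == "password":
            self.has_password = True
        elif tag in ("button", "a") or (tag == "input" and kind == "submit"):
            self.has_ack = True      # something the user can click to proceed

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)

def check_first_access(html):
    """Return a list of findings for the first page an unauthenticated user sees."""
    scan = PageScan()
    scan.feed(html)
    text = re.sub(r"\s+", " ", "".join(scan.text)).lower()
    findings = [f"banner text missing: {m!r}" for m in BANNER_MARKERS if m not in text]
    if scan.has_password:
        findings.append("logon form is reachable before the banner is acknowledged")
    if not scan.has_ack:
        findings.append("no control for the user to acknowledge the banner")
    return findings

# Constructed sample pages (not captured from a real appliance).
SAMPLE_BANNER_PAGE = ("<p>You are accessing a U.S. Government (<b>USG</b>) Information System (IS) "
    "that is provided for USG-authorized use only. By using this IS (which includes any device "
    "attached to this IS), you consent to the following conditions: ...</p><button>I Accept</button>")
SAMPLE_LOGIN_PAGE = "<form><input name='u'><input type='password' name='p'><input type='submit'></form>"
```

An empty list means the page shows the banner with an acknowledgment control and no logon form; any entries describe why the first page would be recorded as a finding.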
Fix Text (F-71139r1_fix)
The application designer will create a service object in DataPower (e.g., Multi Protocol Gateway). As part of the object configuration, the application designer will create a Processing Policy object. The processing policy controls access to the Processing Rules of the application.

The application designer will create a Processing Rule that allows the banner page to be displayed when a user accesses the application. The application designer will ensure that the banner page redirects the application user to the appropriate next step (e.g., logon page, application page, etc.) after the end user has accepted the terms of the agreement.