IBM WebSphere Traditional V9.x Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The WebSphere Application Server must provide security extensions to extend the SOAP protocol and provide secure authentication when accessing sensitive data.
<VulnDiscussion>Application servers may provide a web services capability that could be leveraged to allow remote access to sensitive applica...Rule Medium Severity -
SRG-APP-000394-AS-000241
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server must authenticate all network-connected endpoint devices before establishing any connection.
<VulnDiscussion>Device authentication requires unique identification and authentication that may be defined by type, by specific device, or b...Rule Medium Severity -
SRG-APP-000395-AS-000109
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server must authenticate all endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.
<VulnDiscussion>Device authentication requires unique identification and authentication that may be defined by type, by specific device, or b...Rule Medium Severity -
SRG-APP-000172-AS-000120
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server application security must be enabled for each security domain except for publicly available applications specified in the System Security Plan.
<VulnDiscussion>By default, all administrative and user applications in WebSphere® Application Server use the global security configuration. ...Rule High Severity -
SRG-APP-000172-AS-000121
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server secure LDAP (LDAPS) must be used for authentication.
<VulnDiscussion>Passwords need to be protected at all times, and encryption is the standard method for protecting passwords during transmissi...Rule High Severity -
SRG-APP-000400-AS-000246
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.