IBM WebSphere Traditional V9.x Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The WebSphere Application Server groups in the user registry mapped to WebSphere auditor roles must be configured in accordance with the security plan.
Logging must be utilized in order to track system activity, assist in diagnosing system issues, and provide evidence needed for forensic investigations post security incident. Remote access by adm...Rule Medium Severity -
The WebSphere Application Server audit event type filters must be configured.
Logging must be utilized in order to track system activity, assist in diagnosing system issues, and provide evidence needed for forensic investigations post security incident. Remote access by adm...Rule Medium Severity -
The WebSphere Application Server Quality of Protection (QoP) must be set to use TLSv1.2 or higher.
Quality of Protection specifies the security level, ciphers, and mutual authentication settings for the Secure Socket Layer (SSL/TLS) configuration.Rule Medium Severity -
The WebSphere Application Server global application security must be enabled.
Application security enables security for the applications in your environment. This setting provides application isolation and meets security requirements such as using SSL for authenticating appl...Rule High Severity -
The WebSphere Application Server users in the admin role must be authorized.
Strong access controls are critical to securing the application server. Access control policies (e.g., identity-based policies, role-based policies, attribute-based policies) and access enforcement...Rule Medium Severity -
The WebSphere Application Server must allocate JVM log record storage capacity in accordance with organization-defined log record storage requirements.
JVM logs are logs used to store application and runtime related events, rather than audit related events. They are mainly used to diagnose application or runtime bugs. But sometimes they may be use...Rule Medium Severity -
The WebSphere Application Server audit subsystem failure action must be set to Log warning.
Logs are essential to monitor the health of the system, investigate changes that occurred to the system, or investigate a security incident. When log processing fails, the events during the failure...Rule Medium Severity -
The WebSphere Application Server wsadmin file must be protected from unauthorized access.
Protecting log data also includes identifying and protecting the tools used to view and manipulate log data. Depending upon the log format and application, system and application log tools may pr...Rule Medium Severity -
The WebSphere Application Server process must not be started from the command line with the -password option.
The use of the -password option to launch a WebSphere process from the command line can result in a security exposure. Password information may become visible to any user with the ability to view s...Rule Medium Severity -
The WebSphere Application Server must remove JREs left by web server and plug-in installers for web servers and plugins running in the DMZ.
When you install IBM HTTP Server, the installer leaves behind a JRE. Remove this JRE, as it provides functions that are not needed by the Web server or plug-in under normal conditions. Keep in mind...Rule Low Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.