IBM WebSphere Traditional V9.x Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The WebSphere Application Server users in a LDAP user registry group must be authorized for that group.
<VulnDiscussion>Preventing non-privileged users from executing privileged functions mitigates the risk that unauthorized individuals or proce...Rule Medium Severity -
SRG-APP-000068-AS-000035
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server management interface must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system.
<VulnDiscussion>Application servers are required to display the Standard Mandatory DoD Notice and Consent Banner before granting access to th...Rule Medium Severity -
SRG-APP-000069-AS-000036
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server management interface must retain the Standard Mandatory DoD Notice and Consent Banner on the screen until users acknowledge the usage conditions and take explicit actions to log on for further access.
<VulnDiscussion>To establish acceptance of system usage policy, a click-through banner at the application server management interface logon i...Rule Medium Severity -
SRG-APP-000091-AS-000052
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server must generate log records when successful/unsuccessful attempts to access subject privileges occur.
<VulnDiscussion>Accessing a subject's privileges can be used to elevate a lower-privileged subject's privileges temporarily in order to cause...Rule Low Severity -
SRG-APP-000357-AS-000038
<GroupDescription></GroupDescription>Group -
The WebSphere Application Server must allocate JVM log record storage capacity in accordance with organization-defined log record storage requirements.
<VulnDiscussion>JVM logs are logs used to store application and runtime related events, rather than audit related events. They are mainly use...Rule Medium Severity -
SRG-APP-000357-AS-000038
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.