Skip to content
Log In

IBM WebSphere Traditional V9.x Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000148-AS-000101

    Group
    Show

  • The WebSphere Application Server local file-based user registry must not be used.

    WebSphere does not provide direct audit of changes to the built-in file registry. The built-in file registry must not be used to support user logon accounts. Use an LDAP/AD server and manage user a...
    Rule Medium Severity
    Show

  • SRG-APP-000149-AS-000102

    Group
    Show

  • The WebSphere Application Server multifactor authentication for network access to privileged accounts must be used.

    Multifactor authentication creates a layered defense and makes it more difficult for an unauthorized person to access the application server. If one factor is compromised or broken, the attacker st...
    Rule Medium Severity
    Show

  • SRG-APP-000156-AS-000106

    Group
    Show

  • SRG-APP-000156-AS-000106

    Group
    Show

  • The WebSphere Application Server must provide security extensions to extend the SOAP protocol and provide secure authentication when accessing sensitive data.

    Application servers may provide a web services capability that could be leveraged to allow remote access to sensitive application data. A web service, which is a repeatable process used to make dat...
    Rule Medium Severity
    Show

  • SRG-APP-000394-AS-000241

    Group
    Show

  • SRG-APP-000395-AS-000109

    Group
    Show

  • The WebSphere Application Server must authenticate all endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.

    Device authentication requires unique identification and authentication that may be defined by type, by specific device, or by a combination of type and device. Bidirectional authentication provid...
    Rule Medium Severity
    Show

  • SRG-APP-000172-AS-000120

    Group
    Show

  • SRG-APP-000172-AS-000121

    Group
    Show

  • The WebSphere Application Server secure LDAP (LDAPS) must be used for authentication.

    Passwords need to be protected at all times, and encryption is the standard method for protecting passwords during transmission. Application servers have the capability to utilize LDAP directorie...
    Rule High Severity
    Show

  • SRG-APP-000400-AS-000246

    Group
    Show

  • The WebSphere Application Server must prohibit the use of cached authenticators after an organization-defined time period.

    When the application server is using PKI authentication, a local revocation cache must be stored for instances when the revocation cannot be authenticated through the network, but if cached authent...
    Rule Medium Severity
    Show

  • SRG-APP-000176-AS-000125

    Group
    Show

  • SRG-APP-000177-AS-000126

    Group
    Show

  • The WebSphere Application Server must use signer for DoD-issued certificates.

    The cornerstone of PKI is the private key used to encrypt or digitally sign information. The key by itself is a cryptographic value that does not contain specific user information, but the key can ...
    Rule Medium Severity
    Show

  • SRG-APP-000179-AS-000129

    Group
    Show

  • SRG-APP-000402-AS-000247

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules