Skip to content

Oracle WebLogic Server 12c Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000172-AS-000121

    <GroupDescription></GroupDescription>
    Group
  • Oracle WebLogic must utilize encryption when using LDAP for authentication.

    &lt;VulnDiscussion&gt;Passwords need to be protected at all times, and encryption is the standard method for protecting passwords during transmissi...
    Rule High Severity
  • SRG-APP-000175-AS-000124

    <GroupDescription></GroupDescription>
    Group
  • Oracle WebLogic, when utilizing PKI-based authentication, must validate certificates by constructing a certification path with status information to an accepted trust anchor.

    &lt;VulnDiscussion&gt;A trust anchor is an authoritative entity represented via a public key and associated data. It is used in the context of publ...
    Rule Medium Severity
  • SRG-APP-000177-AS-000126

    <GroupDescription></GroupDescription>
    Group
  • Oracle WebLogic must map the PKI-based authentication identity to the user account.

    &lt;VulnDiscussion&gt;The cornerstone of the PKI is the private key used to encrypt or digitally sign information. The key by itself is a cryptogra...
    Rule Medium Severity
  • SRG-APP-000179-AS-000129

    <GroupDescription></GroupDescription>
    Group
  • Oracle WebLogic must use cryptographic modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting stored data.

    &lt;VulnDiscussion&gt;Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified ...
    Rule Medium Severity
  • SRG-APP-000179-AS-000129

    <GroupDescription></GroupDescription>
    Group
  • Oracle WebLogic must utilize FIPS 140-2 approved encryption modules when authenticating users and processes.

    &lt;VulnDiscussion&gt;Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified ...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules