Oracle WebLogic Server 12c Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
Oracle WebLogic must produce audit records containing sufficient information to establish where the events occurred.
Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control includes time stamps, source...
Rule (Low Severity)
Oracle WebLogic must produce audit records containing sufficient information to establish the identity of any user/subject or process associated with the event.
Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control, includes: time stamps, sour...
Rule (Medium Severity)
Oracle WebLogic must alert designated individual organizational officials in the event of an audit processing failure.
Audit processing failures include, but are not limited to, failures in the application server log capturing mechanisms or audit storage capacity being reached or exceeded. In some instances, it is...
Rule (Low Severity)
Oracle WebLogic must use internal system clocks to generate time stamps for audit records.
Without the use of an approved and synchronized time source, configured on the systems, events cannot be accurately correlated and analyzed to determine what is transpiring within the application s...
Rule (Low Severity)
Oracle WebLogic must protect audit tools from unauthorized modification.
Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Depending upon the log format and application, system and application log tools may ...
Rule (Medium Severity)
Oracle WebLogic must authenticate users individually prior to using a group authenticator.
To assure individual accountability and prevent unauthorized access, application server users (and any processes acting on behalf of application server users) must be individually identified and au...
Rule (High Severity)
Oracle WebLogic must enforce password complexity by the number of special characters used.
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Use of a complex password helps to increase the time a...
Rule (Medium Severity)
Oracle WebLogic must use cryptographic modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting stored data.
Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified and cannot be relied upon to provide confidentiality or integrity, and D...
Rule (Medium Severity)
Oracle WebLogic must employ strong identification and authentication techniques when establishing nonlocal maintenance and diagnostic sessions.
Nonlocal maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network....
Rule (Medium Severity)
Oracle WebLogic must utilize NSA-approved cryptography when protecting classified compartmentalized data.
Cryptography is only as strong as the encryption modules/algorithms employed to encrypt the data. Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to ...
Rule (Medium Severity)