Skip to content
Catalogs
XCCDF
IBM WebSphere Traditional V9.x Security Technical Implementation Guide
SRG-APP-000172-AS-000120
The WebSphere Application Server application security must be enabled for each security domain except for publicly available applications specified in the System Security Plan.
The WebSphere Application Server application security must be enabled for each security domain except for publicly available applications specified in the System Security Plan. An XCCDF Rule
The WebSphere Application Server application security must be enabled for each security domain except for publicly available applications specified in the System Security Plan.
High Severity
<VulnDiscussion>By default, all administrative and user applications in WebSphere® Application Server use the global security configuration. For example, a user registry defined in global security is used to authenticate users for every application in the cell. WebSphere allows for additional WebSphere security domains where different security attributes for some or all of your user applications can be set. These domains must also be configured to use application security.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>