III - Administrative Public
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000148-AS-000101
Group -
The WebSphere Liberty Server must use an LDAP user registry.
To ensure accountability and prevent unauthorized access, application server users must be uniquely identified and authenticated. This is typically accomplished via the use of a user store which is...Rule Medium Severity -
SRG-APP-000148-AS-000101
Group -
Basic Authentication must be disabled.
Basic authentication does not use a centralized user store like LDAP. Not using a centralized user store complicates user management tasks and increases the risk that user accounts could remain on ...Rule Medium Severity -
SRG-APP-000149-AS-000102
Group -
Multifactor authentication for network access to privileged accounts must be used.
Multifactor authentication creates a layered defense and makes it more difficult for an unauthorized person to access the application server. If one factor is compromised or broken, the attacker st...Rule High Severity -
SRG-APP-000171-AS-000119
Group -
The WebSphere Liberty Server must store only encrypted representations of user passwords.
WebSphere Liberty can either provide a local account store or integrate with enterprise account stores such as LDAP directories. If the application server stores application passwords in the server...Rule High Severity -
SRG-APP-000172-AS-000120
Group -
The WebSphere Liberty Server must use TLS-enabled LDAP.
Passwords need to be protected at all times, and encryption is the standard method for protecting passwords during transmission. If passwords are not encrypted, they can be plainly read (i.e., clea...Rule High Severity -
SRG-APP-000177-AS-000126
Group -
The WebSphere Liberty Server must use DoD-issued/signed certificates.
The cornerstone of PKI is the private key used to encrypt or digitally sign information. The key by itself is a cryptographic value that does not contain specific user information, but the key can ...Rule Medium Severity -
SRG-APP-000179-AS-000129
Group -
The WebSphere Liberty Server must use FIPS 140-2 approved encryption modules when authenticating users and processes.
Application servers must use and meet requirements of the DoD Enterprise PKI infrastructure for application authentication. Encryption is only as good as the encryption modules used. Unapproved cry...Rule High Severity -
SRG-APP-000295-AS-000263
Group -
HTTP session timeout must be configured.
An attacker can take advantage of user sessions that are left open, thus bypassing the user authentication process. To thwart the vulnerability of open and unused user sessions, the application se...Rule Medium Severity -
SRG-APP-000315-AS-000094
Group -
Application security must be enabled on the WebSphere Liberty Server.
Application security enables security for the applications in the environment. This type of security provides application isolation and requirements for authenticating application users. When a use...Rule High Severity -
SRG-APP-000340-AS-000185
Group -
Users in a reader-role must be authorized.
The reader role is a management role that allows read-only access to select administrative REST APIs as well as the Admin Center UI (adminCenter-1.0). Preventing non-privileged users from viewing p...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.