Skip to content

III - Administrative Public

Rules and Groups employed by this XCCDF Profile

  • The WebSphere Application Server application security must be enabled for each security domain except for publicly available applications specified in the System Security Plan.

    <VulnDiscussion>By default, all administrative and user applications in WebSphere® Application Server use the global security configuration. ...
    Rule High Severity
  • SRG-APP-000172-AS-000121

    <GroupDescription></GroupDescription>
    Group
  • The WebSphere Application Server secure LDAP (LDAPS) must be used for authentication.

    &lt;VulnDiscussion&gt;Passwords need to be protected at all times, and encryption is the standard method for protecting passwords during transmissi...
    Rule High Severity
  • SRG-APP-000400-AS-000246

    <GroupDescription></GroupDescription>
    Group
  • The WebSphere Application Server must prohibit the use of cached authenticators after an organization-defined time period.

    &lt;VulnDiscussion&gt;When the application server is using PKI authentication, a local revocation cache must be stored for instances when the revoc...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules