DISA_IBM_WebSphere_Traditional_9_v1r1.audit for DISA IBM WebSphere Traditional 9 STIG v1r1 | |
WBSP-AS-000010 - The WebSphere Application Server maximum in-memory session count must be set according to application requirements. | ACCESS CONTROL |
WBSP-AS-000020 - The WebSphere Application Server admin console session timeout must be configured. | ACCESS CONTROL |
WBSP-AS-000070 - The WebSphere Application Server security auditing must be enabled. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
WBSP-AS-000080 - WebSphere Application Server groups mapped to WebSphere auditor roles must be configured in accordance with security plan | ACCESS CONTROL |
WBSP-AS-000090 - The WebSphere Application Server users WebSphere auditor role must be configured in accordance with System Security Plan. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
WBSP-AS-000100 - The WebSphere Application Server audit event type filters must be configured. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
WBSP-AS-000110 - The WebSphere Application Server audit service provider must be enabled. | ACCESS CONTROL |
WBSP-AS-000120 - The WebSphere Application Server automatic repository checkpoints must be enabled to track configuration changes - depth | ACCESS CONTROL |
WBSP-AS-000120 - The WebSphere Application Server automatic repository checkpoints must be enabled to track configuration changes - enabled | ACCESS CONTROL |
WBSP-AS-000130 - The WebSphere Application Server administrative security must be enabled. | ACCESS CONTROL |
WBSP-AS-000140 - The WebSphere Application Server bus security must be enabled. | ACCESS CONTROL |
WBSP-AS-000150 - The WebSphere Application Server users in a local user registry group must be authorized for that group. | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
WBSP-AS-000160 - The WebSphere Application Server Quality of Protection (QoP) must be set to use TLSv1.2 or higher. | ACCESS CONTROL |
WBSP-AS-000170 - The WebSphere Application Server global application security must be enabled - administrative security | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
WBSP-AS-000170 - The WebSphere Application Server global application security must be enabled - application security | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
WBSP-AS-000180 - The WebSphere Application Server Single Sign On (SSO) must have SSL enabled for Web and SIP Security. | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
WBSP-AS-000190 - The WebSphere Application Server security cookies must be set to HTTPOnly. | ACCESS CONTROL |
WBSP-AS-000211 - The WebSphere Application Server Java 2 security must be enabled. | ACCESS CONTROL |
WBSP-AS-000212 - The WebSphere Application Server Java 2 security must not be bypassed. | ACCESS CONTROL |
WBSP-AS-000220 - The WebSphere Application Server users in the admin role must be authorized. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
WBSP-AS-000230 - The WebSphere Application Server LDAP groups must be authorized for the WebSphere role. | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
WBSP-AS-000240 - The WebSphere Application Server users in a LDAP user registry group must be authorized for that group. | ACCESS CONTROL |
WBSP-AS-000310 - The WebSphere Application Server management interface must display the Standard Mandatory DoD Notice and Consent Banner | ACCESS CONTROL |
WBSP-AS-000320 - The WebSphere Application Server management interface must retain the Standard Mandatory DoD Notice and Consent Banner | ACCESS CONTROL |
WBSP-AS-000380 - The WebSphere Application Server must generate log records when attempts to access subject privileges occur. | AUDIT AND ACCOUNTABILITY |
WBSP-AS-000580 - The WebSphere Application Server must allocate JVM log record storage capacity in accordance with requirements - err | AUDIT AND ACCOUNTABILITY |
WBSP-AS-000580 - The WebSphere Application Server must allocate JVM log record storage capacity in accordance with requirements - out | AUDIT AND ACCOUNTABILITY |
WBSP-AS-000590 - WebSphere Application Server must allocate audit log record storage capacity in accordance with requirements - maxFileSize | AUDIT AND ACCOUNTABILITY |
WBSP-AS-000590 - WebSphere Application Server must allocate audit log record storage capacity in accordance with requirements - maxLogs | AUDIT AND ACCOUNTABILITY |
WBSP-AS-000630 - The WebSphere Application Server must provide an immediate real-time alert of all log failure events - notification | AUDIT AND ACCOUNTABILITY |
WBSP-AS-000630 - The WebSphere Application Server must provide an immediate real-time alert of all log failure events - enabled | AUDIT AND ACCOUNTABILITY |
WBSP-AS-000640 - The WebSphere Application Server must alert the SA and ISSO, in the event of a log processing failure - enabled | AUDIT AND ACCOUNTABILITY |
WBSP-AS-000640 - The WebSphere Application Server must alert the SA and ISSO, in the event of a log processing failure - notification | AUDIT AND ACCOUNTABILITY |
WBSP-AS-000650 - The WebSphere Application Server audit subsystem failure action must be set to Log warning. | AUDIT AND ACCOUNTABILITY |
WBSP-AS-000660 - The WebSphere Application Server must shut down by default upon log failure (unless availability is an overriding concern). | AUDIT AND ACCOUNTABILITY |
WBSP-AS-000670 - The WebSphere Application Server high availability applications must be configured to fail over in log subsystem failure. | AUDIT AND ACCOUNTABILITY |
WBSP-AS-000740 - The WebSphere Application Server must be configured to protect log information from any type of unauthorized read access. | AUDIT AND ACCOUNTABILITY |
WBSP-AS-000750 - The WebSphere Application Server must protect log information from unauthorized modification. | AUDIT AND ACCOUNTABILITY |
WBSP-AS-000760 - The WebSphere Application Server must protect log information from unauthorized deletion. | AUDIT AND ACCOUNTABILITY |
WBSP-AS-000770 - The WebSphere Application Server wsadmin file must be protected from unauthorized access. | AUDIT AND ACCOUNTABILITY |
WBSP-AS-000780 - The WebSphere Application Server wsadmin file must be protected from unauthorized modification. | AUDIT AND ACCOUNTABILITY |
WBSP-AS-000790 - The WebSphere Application Server wsadmin file must be protected from unauthorized deletion. | AUDIT AND ACCOUNTABILITY |
WBSP-AS-000810 - The WebSphere Application Server must be configured to encrypt log information. | AUDIT AND ACCOUNTABILITY |
WBSP-AS-000820 - The WebSphere Application Server must be configured to sign log information. | AUDIT AND ACCOUNTABILITY |
WBSP-AS-000910 - The WebSphere Application Server process must not be started from the command line with the -password option. | CONFIGURATION MANAGEMENT |
WBSP-AS-000920 - The WebSphere Application Server files must be owned by the non-root WebSphere user ID. | CONFIGURATION MANAGEMENT |
WBSP-AS-000930 - The WebSphere Application Server sample applications must be removed. | CONFIGURATION MANAGEMENT |
WBSP-AS-000940 - The WebSphere Application Server must remove JREs left by web server and plug-in installers in the DMZ. | CONFIGURATION MANAGEMENT |
WBSP-AS-000960 - The WebSphere Application Server must be run as a non-admin user. | CONFIGURATION MANAGEMENT |