| 1.1 - SerializedSystemIni.dat Password File is not Protected | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.2 - Strong Password policy should be implemented - Enforce Password History | |
| 1.2 - Strong Password policy should be implemented - Maximum Password Age | |
| 1.2 - Strong Password policy should be implemented - Minimum Lowercase Characters | IDENTIFICATION AND AUTHENTICATION |
| 1.2 - Strong Password policy should be implemented - Minimum Numeric Characters | IDENTIFICATION AND AUTHENTICATION |
| 1.2 - Strong Password policy should be implemented - Minimum Password Age | |
| 1.2 - Strong Password policy should be implemented - Minimum Password Length | IDENTIFICATION AND AUTHENTICATION |
| 1.2 - Strong Password policy should be implemented - Minimum Special Characters | IDENTIFICATION AND AUTHENTICATION |
| 1.2 - Strong Password policy should be implemented - Minimum Uppercase Characters | IDENTIFICATION AND AUTHENTICATION |
| 1.2 - Strong Password policy should be implemented - Non-Alphanumeric Characters | IDENTIFICATION AND AUTHENTICATION |
| 1.3 - Default admin password should be changed | |
| 2.1 - Weak permissions on Weblogic directories | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 2.2 - Weak permissions on Log files | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 2.3 - Administration Console Session Timeout is not set | ACCESS CONTROL |
| 2.4 - Limit access to production WebLogic application servers | |
| 2.5 - Unique X.509 Mapping should be present | |
| 2.6 - Security roles should be used to control access | |
| 2.7 - Set check Roles and Policies to all Web applications and EJBs | IDENTIFICATION AND AUTHENTICATION |
| 2.8 - Account lockout policy should be enabled - Lockout Enabled | ACCESS CONTROL |
| 2.8 - Account lockout policy should be enabled - Lockout Threshold | ACCESS CONTROL |
| 2.9 - Security Groups should be established | |
| 2.10 - Administrator Group should be set up | |
| 3.1 - Domain wide administration port is not enabled | ACCESS CONTROL |
| 3.2 - Keystore directory and file permissions should be set - Directory | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.2 - Keystore directory and file permissions should be set - Files | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.3 - Connection Filtering is not configured - Connection Filter Specified | ACCESS CONTROL |
| 3.3 - Connection Filtering is not configured - Filter enabled | AUDIT AND ACCOUNTABILITY |
| 3.3 - Connection Filtering is not configured - Filter Rules added | ACCESS CONTROL |
| 3.4 - Default Weblogic Keystores is used | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5 - Default weblogic account is used | |
| 3.6 - Insecure 'Idle Timeout' setting | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.7 - Network Parameters are not tuned - Accept Backlog | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.7 - Network Parameters are not tuned - Login Timeout | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.7 - Network Parameters are not tuned - Maximum Open Sockets | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.8 - Http banner reveals server information - Send Server Header | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.8 - Http banner reveals server information - X-Powered-By Header | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.9 - Default code and application examples and pointbase database are installed - ADFR Tools | CONFIGURATION MANAGEMENT |
| 3.9 - Default code and application examples and pointbase database are installed - eval directory | CONFIGURATION MANAGEMENT |
| 3.9 - Default code and application examples and pointbase database are installed - OEPE Tools | CONFIGURATION MANAGEMENT |
| 3.9 - Default code and application examples and pointbase database are installed - samples directory | CONFIGURATION MANAGEMENT |
| 3.10 - Domain is not running in production mode | CONFIGURATION MANAGEMENT |
| 3.11 - Domain HTTP Post Timeout is not set | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.12 - Security Interoperability Mode is not set | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.13 - Configuration Archive is not Enabled | CONTINGENCY PLANNING |
| 3.14 - Maximum Message Size is not set - Maximum HTTP Message Size | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.14 - Maximum Message Size is not set - Maximum Message Size | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.15 - Archive Configuration Count is not set | CONTINGENCY PLANNING |
| 3.16 - Delete Development Tools - ADFR Tools | CONFIGURATION MANAGEMENT |
| 3.16 - Delete Development Tools - OEPE Tools | CONFIGURATION MANAGEMENT |
| 3.17 - Deploy the WebLogic Platform on a Dedicated System | CONFIGURATION MANAGEMENT |
