STIGQter: STIG Summary: IBM WebSphere Traditional V9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2018:

The WebSphere Application Server automatic repository checkpoints must be enabled to track configuration changes.

DISA Rule

SV-95911r1_rule

Vulnerability Number

V-81197

Group Title

SRG-APP-000016-AS-000013

Rule Version

WBSP-AS-000120

Severity

CAT II

CCI(s)

• CCI-000067 - The information system monitors remote access methods.

Weight

10

Fix Recommendation

From administrative console click System administration >> Extended repository service >> Enable automatic repository checkpoints.

Enter a "checkpoint depth value" according to the security plan.

Restart the DMGR and all the JVMs.

Check Contents

Review System Security Plan documentation.

Identify the required "Automatic CheckPoint Depth" setting that has been defined.

From administrative console, click System administration >> Extended repository service.

If "Enable automatic repository checkpoints" is not selected or if the "automatic checkpoint depth" is less than the number of saves defined in the System Security Plan, this is a finding.

Vulnerability Number

V-81197

Documentable

False

Rule Version

WBSP-AS-000120

Severity Override Guidance

Review System Security Plan documentation.

Identify the required "Automatic CheckPoint Depth" setting that has been defined.

From administrative console, click System administration >> Extended repository service.

If "Enable automatic repository checkpoints" is not selected or if the "automatic checkpoint depth" is less than the number of saves defined in the System Security Plan, this is a finding.

Check Content Reference

M

Target Key

3399

Comments