STIGQter: STIG Summary: IBM WebSphere Traditional V9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2018:

The WebSphere Application Server bus security must be enabled.

DISA Rule

SV-95915r1_rule

Vulnerability Number

V-81201

Group Title

SRG-APP-000315-AS-000095

Rule Version

WBSP-AS-000140

Severity

CAT I

CCI(s)

• CCI-002315 - The organization defines the number of managed network access control points through which the information system routes all remote access.

Weight

10

Fix Recommendation

From the administration console, navigate to Security >> Bus Security.

For each service integration bus where security is not enabled, click on "Disabled".

Click the check box to "Enable bus security".

Configure the transport settings and authorization policies according to application security access requirements specified in the security plan.

Check Contents

Review System Security Plan documentation.

Interview the system administrator.

Identify the service integration buses configured on the WAS.

If there are no service integration buses, this requirement is NA.

From the administration console, navigate to Security >> Bus Security.

For each service integration bus, if security is not enabled, this is a finding.

Vulnerability Number

V-81201

Documentable

False

Rule Version

WBSP-AS-000140

Severity Override Guidance

Review System Security Plan documentation.

Interview the system administrator.

Identify the service integration buses configured on the WAS.

If there are no service integration buses, this requirement is NA.

From the administration console, navigate to Security >> Bus Security.

For each service integration bus, if security is not enabled, this is a finding.

Check Content Reference

M

Target Key

3399

Comments