STIGQter: STIG Summary: IBM WebSphere Traditional V9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2018:

The WebSphere Application Server audit service provider must be enabled.

DISA Rule

SV-95925r1_rule

Vulnerability Number

V-81211

Group Title

SRG-APP-000016-AS-000013

Rule Version

WBSP-AS-000110

Severity

CAT II

CCI(s)

• CCI-000067 - The information system monitors remote access methods.
• CCI-002234 - The information system audits the execution of privileged functions.

Weight

10

Fix Recommendation

In the administrative console, navigate to Security >> Security auditing >> Event type Filters.

Identify and record the event type filter that contains the required "Events and Outcomes".

In the administrative console, click on Security >> Security auditing >> Audit Service Provider [provider name].

Under "Selectable filters", select the filter that was previously identified and recorded.

Click the right arrow to add it to the list.

Click "OK".

Click "Save" to save the changes.

Restart the DMGR and all the JVMs.

Check Contents

In the administrative console, navigate to Security >> Security auditing >> Audit Service Provider [provider name].

Under "Enabled filters", determine if the filter name from select the name of the filter that was recorded from STIG ID WBSP-AS-000100.

If the filter that was identified in STIG ID WBSP-AS-000100 is not enabled, this is a finding.

Vulnerability Number

V-81211

Documentable

False

Rule Version

WBSP-AS-000110

Severity Override Guidance

In the administrative console, navigate to Security >> Security auditing >> Audit Service Provider [provider name].

Under "Enabled filters", determine if the filter name from select the name of the filter that was recorded from STIG ID WBSP-AS-000100.

If the filter that was identified in STIG ID WBSP-AS-000100 is not enabled, this is a finding.

Check Content Reference

M

Target Key

3399

Comments