STIGQter: STIG Summary: IBM WebSphere Traditional V9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2018:

The WebSphere Application Server Java 2 security must be enabled.

DISA Rule

SV-95937r1_rule

Vulnerability Number

V-81223

Group Title

SRG-APP-000033-AS-000024

Rule Version

WBSP-AS-000211

Severity

CAT I

CCI(s)

CCI-000213 - The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Weight

Fix Recommendation

From the admin console, select Security >> Global Security >> Java 2 Security.

Select the "Use Java 2 security to restrict application access to local resources" check box.

Ensure the application security policies are defined and access permissions are granted accordingly.

Policies are created and access is granted on an application by application basis. Application access to the underlying host is based upon application access requirements.

Check Contents

From the admin console, select Security >> Global Security >> Java 2 Security.

If "Use Java 2 security to restrict application access to local resources" is not selected, this is a finding.

Vulnerability Number

V-81223

Documentable

False

Rule Version

WBSP-AS-000211

Severity Override Guidance

From the admin console, select Security >> Global Security >> Java 2 Security.

If "Use Java 2 security to restrict application access to local resources" is not selected, this is a finding.

Check Content Reference

Target Key

3399

The WebSphere Application Server Java 2 security must be enabled.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments