STIGQter: STIG Summary: IBM WebSphere Traditional V9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2018:

The WebSphere Application Server management interface must retain the Standard Mandatory DoD Notice and Consent Banner on the screen until users acknowledge the usage conditions and take explicit actions to log on for further access.

DISA Rule

SV-95949r1_rule

Vulnerability Number

V-81235

Group Title

SRG-APP-000069-AS-000036

Rule Version

WBSP-AS-000320

Severity

CAT II

CCI(s)

• CCI-000050 - The information system retains the notification message or banner on the screen until users acknowledge the usage conditions and take explicit actions to log on to or further access the information system.

Weight

10

Fix Recommendation

Open the file ${WAS_HOME}/properties/login.info.

Follow the instructions in the HTML comment section to create the pre-logon banner.

Enter the Standard DoD Mandatory Notice and Consent banner into the HTML section.

If logged on to the admin console, log out and log back on to validate the changes.

Restart the DMGR and all the JVMs.

Check Contents

Point browser to the URL of the WebSphere administration console.

If the Standard Mandatory DoD Notice and Consent Banner is not retained until the user acknowledges the usage conditions, this is a finding.

Vulnerability Number

V-81235

Documentable

False

Rule Version

WBSP-AS-000320

Severity Override Guidance

Point browser to the URL of the WebSphere administration console.

If the Standard Mandatory DoD Notice and Consent Banner is not retained until the user acknowledges the usage conditions, this is a finding.

Check Content Reference

M

Target Key

3399

Comments