STIGQter: STIG Summary: IBM WebSphere Traditional V9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2018:

The WebSphere Application Server must authenticate all network-connected endpoint devices before establishing any connection.

DISA Rule

SV-96047r1_rule

Vulnerability Number

V-81333

Group Title

SRG-APP-000394-AS-000241

Rule Version

WBSP-AS-001110

Severity

CAT II

CCI(s)

• CCI-000187 - The information system, for PKI-based authentication, maps the authenticated identity to the account of the individual or group.
• CCI-001958 - The information system authenticates an organization-defined list of specific and/or types of devices before establishing a local, remote, or network connection.

Weight

10

Fix Recommendation

From the admin console, navigate to Security >> SSL Certificate and Key Management >> SSL Configuration.

For each [NodeDefaultSSLSettings] select Quality of Protection (QoP) Settings.

Set "Client authentication" according to the security plan.

Check Contents

Review System Security Plan documentation.

Identify mutual authentication connection requirements.

From the admin console, navigate to Security >> SSL Certificate and Key Management >> SSL Configuration.

Select each [NodeDefaultSSLSettings] then go to Quality of Protection (QoP) Settings.

If "Client authentication" is not set according to the security plan, this is a finding.

Vulnerability Number

V-81333

Documentable

False

Rule Version

WBSP-AS-001110

Severity Override Guidance

Review System Security Plan documentation.

Identify mutual authentication connection requirements.

From the admin console, navigate to Security >> SSL Certificate and Key Management >> SSL Configuration.

Select each [NodeDefaultSSLSettings] then go to Quality of Protection (QoP) Settings.

If "Client authentication" is not set according to the security plan, this is a finding.

Check Content Reference

M

Target Key

3399

Comments