STIGQter: STIG Summary: IBM WebSphere Traditional V9.x Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 23 Aug 2018

The WebSphere Application Servers must not be in the DMZ.

DISA Rule

SV-96085r1_rule

Vulnerability Number

V-81371

Group Title

SRG-APP-000211-AS-000146

Rule Version

WBSP-AS-001390

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

If any application server host is installed in the DMZ, reassign its IP address to a secured network and reconfigure the application server.

Check Contents

Review System Security Plan and system architecture documentation.

Interview the system administrator.

Identify any DMZ networks.

If there are no DMZ networks in the application server's architecture, this requirement is NA.

In the administrative console, click Servers >> Server Types >> WebSphere application servers.

For each application server, review the "hostname" field and determine if the application server has a DMZ network IP address.

If any application server is hosted in the DMZ network, this is a finding.
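The check above can be scripted once the "hostname" values have been copied out of the administrative console. The following is an added example, not part of the STIG or of STIGQter: the function name, the "Manual review" status, the server names, hostnames and address ranges are all constructed assumptions, and hostnames are resolved from a pre-collected table rather than live DNS.

```python
import ipaddress

def evaluate_dmz_placement(servers, dmz_cidrs, resolved=None):
    """Apply the V-81371 check logic to recorded data.

    servers:   {server name: value of its "hostname" field}
    dmz_cidrs: DMZ networks identified from the architecture documentation
    resolved:  {hostname: [IP, ...]} collected beforehand (assumption: no live DNS)
    """
    dmz = [ipaddress.ip_network(c, strict=False) for c in dmz_cidrs]
    if not dmz:
        # No DMZ networks in the architecture: the requirement is NA.
        return {"status": "NA", "findings": [], "unresolved": []}
    findings, unresolved = [], []
    for name, host in sorted(servers.items()):
        candidates = (resolved or {}).get(host, [host])
        try:
            addrs = [ipaddress.ip_address(a) for a in candidates]
        except ValueError:
            addrs = []
        if not addrs:
            # A hostname with no known address must not pass silently.
            unresolved.append(name)
            continue
        for addr in addrs:
            for net in dmz:
                if addr in net:
                    findings.append((name, str(addr), str(net)))
    if findings:
        status = "Finding"
    elif unresolved:
        status = "Manual review"  # label chosen for this example
    else:
        status = "Not a Finding"
    return {"status": status, "findings": findings, "unresolved": unresolved}

# Constructed sample data (documentation and private address ranges).
SERVERS = {
    "server1": "10.20.30.15",
    "server2": "was-edge.example.internal",
    "server3": "was-batch.example.internal",
}
DMZ_CIDRS = ["192.0.2.0/24"]
RESOLVED = {"was-edge.example.internal": ["192.0.2.40"]}

if __name__ == "__main__":
    print(evaluate_dmz_placement(SERVERS, DMZ_CIDRS, RESOLVED))
```
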

Documentable

False

Severity Override Guidance

Review System Security Plan and system architecture documentation.

Interview the system administrator.

Identify any DMZ networks.

If there are no DMZ networks in the application server's architecture, this requirement is NA.

In the administrative console, click Servers >> Server Types >> WebSphere application servers.

For each application server, review the "hostname" field and determine if the application server has a DMZ network IP address.

If any application server is hosted in the DMZ network, this is a finding.

Check Content Reference

M

Target Key

3399
