STIGQter: STIG Summary: IBM WebSphere Traditional V9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2018:

The WebSphere Application Server DoD root CAs must be in the trust store.

DISA Rule

SV-96087r1_rule

Vulnerability Number

V-81373

Group Title

SRG-APP-000219-AS-000147

Rule Version

WBSP-AS-001410

Severity

CAT II

CCI(s)

• CCI-001184 - The information system protects the authenticity of communications sessions.

Weight

10

Fix Recommendation

Navigate to Security >> SSL certificate and key management >> Keystore and certificates.

Click on the trust store used to store the signers of the administrators' certificates. (The default is cellDefaultTrustStore).

Click on "Signer Certificates".

Click "Add".

Follow the instructions to import the signer from a file.

Click "OK".

Check Contents

Review System Security Plan documentation for location of the trust store used to store the signers of the administrators certificates. By default this is "cellDefaultTrustStore".

Navigate to Security >> SSL certificate and key management >> Keystore and certificates.

Click on the trust store used to store the signers of the administrators' certificates (root CA). (The default is cellDefaultTrustStore).

Click on "Signer Certificates".

If there are no DoD signer certificates, this is a finding.

Vulnerability Number

V-81373

Documentable

False

Rule Version

WBSP-AS-001410

Severity Override Guidance

Review System Security Plan documentation for location of the trust store used to store the signers of the administrators certificates. By default this is "cellDefaultTrustStore".

Navigate to Security >> SSL certificate and key management >> Keystore and certificates.

Click on the trust store used to store the signers of the administrators' certificates (root CA). (The default is cellDefaultTrustStore).

Click on "Signer Certificates".

If there are no DoD signer certificates, this is a finding.

Check Content Reference

M

Target Key

3399

Comments