STIGQter: STIG Summary: IBM WebSphere Traditional V9.x Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 23 Aug 2018

The WebSphere Application Server must periodically regenerate LTPA keys.

DISA Rule

SV-96097r1_rule

Vulnerability Number

V-81383

Group Title

SRG-APP-000428-AS-000265

Rule Version

WBSP-AS-001530

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

These steps must be documented and then executed during the downtime scheduled for periodic LTPA key regeneration.

The regeneration interval must be defined, documented, and accepted by the ISSO, and regeneration must be performed at least annually.

Navigate to Security >> SSL Certificate and Key Management >> Key set groups.

Check "CellLTPAKeySetGroup".

Click "Generate Keys".

Click "Save".

Then synchronize the changes to all nodes.

Check Contents

If LTPA is not utilized, this is not applicable.

Request the documented process to manually regenerate the LTPA keys.

The regeneration interval must be defined, documented, and accepted by the ISSO, and regeneration must be performed at least annually.

Review the documented process for LTPA key regeneration.

If there is no process to regenerate LTPA keys periodically, this is a finding.

Documentable

False

Severity Override Guidance

If LTPA is not utilized, this is not applicable.

Request the documented process to manually regenerate the LTPA keys.

The regeneration interval must be defined, documented, and accepted by the ISSO, and regeneration must be performed at least annually.

Review the documented process for LTPA key regeneration.

If there is no process to regenerate LTPA keys periodically, this is a finding.

Check Content Reference

M

Target Key

3399
