Details

A service integration bus is a group of one or more application servers or server clusters in a WebSphere Application Server cell that cooperate to provide asynchronous messaging services. The application servers or server clusters in a bus are known as bus members.

When a bus is created with bus security enabled, the following conditions apply:

The bus requires client authentication.

The bus enforces authorization policy.

The bus requires use of SSL transport chains.

Solution

From the administration console, navigate to Security >> Bus Security.

For each service integration bus where security is not enabled, click on ‘Disabled’.

Click the check box to ‘Enable bus security’.

Configure the transport settings and authorization policies according to application security access requirements specified in the security plan.

Supportive Information

The following resource is also helpful.

• http://iasecontent.disa.mil/stigs/zip/U_IBM_WebSphere_Traditional_V9-x_V1R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.

References

• 800-53|AC-17(3)
• CAT|I
• CCI|CCI-002315
• Rule-ID|SV-95915r1_rule
• STIG-ID|WBSP-AS-000140
• Vuln-ID|V-81201

Source

• Tenable.com/audits