Details

To establish acceptance of system usage policy, a click-through banner at the application server management interface logon is required. The banner shall prevent further activity on the application server unless and until the user executes a positive action to manifest agreement by clicking on a box indicating ‘OK’.

Solution

Open the file ${WAS_HOME}/properties/login.info.

Follow the instructions in the HTML comment section to create the pre-logon banner.

Enter the Standard DoD Mandatory Notice and Consent banner into the HTML section.

If logged on to the admin console, log out and log back on to validate the changes.

Restart the DMGR and all the JVMs.

Supportive Information

The following resource is also helpful.

• http://iasecontent.disa.mil/stigs/zip/U_IBM_WebSphere_Traditional_V9-x_V1R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.

References

• 800-53|AC-8b.
• CAT|II
• CCI|CCI-000050
• Rule-ID|SV-95949r1_rule
• STIG-ID|WBSP-AS-000320
• Vuln-ID|V-81235

Source

• Tenable.com/audits