WBSP-AS-000130 – The WebSphere Application Server administrative security must be enabled.
Details In previous releases of WebSphere Application Server, when a user enabled global security, both administrative and application security were...
- Home
- Security Hardening
- DISA IBM WebSphere Traditional 9 STIG V1R1
DISA IBM WebSphere Traditional 9 STIG V1R1
WBSP-AS-000140 – The WebSphere Application Server bus security must be enabled.
Details A service integration bus is a group of one or more application servers or server clusters in a WebSphere...WBSP-AS-000150 – The WebSphere Application Server users in a local user registry group must be authorized for that group.
Details Application servers provide remote access capability and must be able to enforce remote access policy requirements or work in...WBSP-AS-000160 – The WebSphere Application Server Quality of Protection (QoP) must be set to use TLSv1.2 or higher.
Details Quality of Protection specifies the security level, ciphers, and mutual authentication settings for the Secure Socket Layer (SSL/TLS) configuration....WBSP-AS-000170 – The WebSphere Application Server global application security must be enabled – administrative security
Details Application security enables security for the applications in your environment. This setting provides application isolation and meets security requirements...WBSP-AS-000170 – The WebSphere Application Server global application security must be enabled – application security
Details Application security enables security for the applications in your environment. This setting provides application isolation and meets security requirements...WBSP-AS-000190 – The WebSphere Application Server security cookies must be set to HTTPOnly.
Details Web applications use cookies to track users across requests. These cookies, while typically not sensitive in themselves, connect you...WBSP-AS-000211 – The WebSphere Application Server Java 2 security must be enabled.
Details Java 2 security provides a policy-based fine grained access control mechanism that increases overall system integrity by checking for...WBSP-AS-000212 – The WebSphere Application Server Java 2 security must not be bypassed.
Details WebSphere provides a passive filter mechanism that will allow administrators to set Java 2 security in the admin console...WBSP-AS-000220 – The WebSphere Application Server users in the admin role must be authorized.
Details Strong access controls are critical to securing the application server. Access control policies (e.g., identity-based policies, role-based policies, attribute-based...