STIGQter: STIG Summary: IBM WebSphere Traditional V9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2018:

The WebSphere Application Server high availability applications must be configured to fail over to another system in the event of log subsystem failure.

DISA Rule

SV-95965r1_rule

Vulnerability Number

V-81251

Group Title

SRG-APP-000109-AS-000070

Rule Version

WBSP-AS-000670

Severity

CAT III

CCI(s)

• CCI-000140 - The information system takes organization-defined actions upon audit failure (e.g., shut down information system, overwrite oldest audit records, stop generating audit records).

Weight

10

Fix Recommendation

In the admin console, Click Servers >> Clusters >> WebSphere application server clusters.

Define a cluster for every high availability application as outlined in the System Security Plan documentation.

Refer to vendor documentation for steps on creating a fail over cluster.

Check Contents

If the System Security Plan documentation does not require redundancy, this requirement is NA.

Click Servers >> Clusters >> WebSphere application server clusters.

Ensure you have a cluster defined for every application requiring redundancy.

If there is not a cluster defined for every application requiring redundancy, this is a finding.

Vulnerability Number

V-81251

Documentable

False

Rule Version

WBSP-AS-000670

Severity Override Guidance

If the System Security Plan documentation does not require redundancy, this requirement is NA.

Click Servers >> Clusters >> WebSphere application server clusters.

Ensure you have a cluster defined for every application requiring redundancy.

If there is not a cluster defined for every application requiring redundancy, this is a finding.

Check Content Reference

M

Target Key

3399

Comments