STIGQter: STIG Summary: IBM WebSphere Traditional V9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2018: STIGQter: STIG Summary: IBM WebSphere Traditional V9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2018:SV-96057r1_rule
V-81343
SRG-APP-000172-AS-000120
WBSP-AS-001180
CAT I
10
Navigate to security >> security domains.
Click through each security domain.
If "Customize for this domain" is checked for Application Security under the Security Attributes, but "Enable application security" is not checked, check "Enable application security".
Expand "show" to find all affected nodes and servers.
Click "OK".
Click "Save".
Synchronize the changes.
Restart all affected nodes and servers.
Review System Security Plan documentation.
Identify any publicly available applications. These are applications available to the public that do not require authentication to access (e.g., recruiting websites).
If such applications exist on the system and are specifically allowed according to the security plan, this requirement is NA for those applications only.
Navigate to security >> security domains.
Click through each security domain.
If "Customize for this domain" is checked for Application Security under the Security Attributes, but "Enable application security" is not checked, this is a finding.
V-81343
False
WBSP-AS-001180
Review System Security Plan documentation.
Identify any publicly available applications. These are applications available to the public that do not require authentication to access (e.g., recruiting websites).
If such applications exist on the system and are specifically allowed according to the security plan, this requirement is NA for those applications only.
Navigate to security >> security domains.
Click through each security domain.
If "Customize for this domain" is checked for Application Security under the Security Attributes, but "Enable application security" is not checked, this is a finding.
M
3399