STIGQter STIGQter: STIG Summary: IBM WebSphere Traditional V9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2018:

The WebSphere Application servers with an RMF categorization of high must be in a high-availability (HA) cluster.

DISA Rule

SV-96093r1_rule

Vulnerability Number

V-81379

Group Title

SRG-APP-000225-AS-000154

Rule Version

WBSP-AS-001480

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

In the administrative console, click Servers >> Clusters >> WebSphere application server clusters >> New.

Specify a name for the cluster.

Click "Next".

Specify the name of the first cluster member.

Select the node on which you want this cluster member to reside, leave remaining fields as default.

Click "Next".

Create additional cluster members as needed (give unique name for each member and click "Add Member"), when finished adding members click "Next".

Click "Finish" to create the cluster.

Click "Save".

Refer to vendor documentation that provides direction on the creation of clusters for specific details.

Restart DMGR and sync all JVMs.

Check Contents

Review Systems Security Plan and identify system categorization.

If the system is not categorized as HIGH, this requirement is NA.

In the administrative console, click Servers >> Clusters >> WebSphere application server clusters.

Ensure you have a cluster defined, if not this is a finding.

Vulnerability Number

V-81379

Documentable

False

Rule Version

WBSP-AS-001480

Severity Override Guidance

Review Systems Security Plan and identify system categorization.

If the system is not categorized as HIGH, this requirement is NA.

In the administrative console, click Servers >> Clusters >> WebSphere application server clusters.

Ensure you have a cluster defined, if not this is a finding.

Check Content Reference

M

Target Key

3399

Comments