STIGQter: STIG Summary: IBM WebSphere Traditional V9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2018:

The WebSphere Application Server must not generate LTPA keys automatically.

DISA Rule

SV-96095r1_rule

Vulnerability Number

V-81381

Group Title

SRG-APP-000428-AS-000265

Rule Version

WBSP-AS-001520

Severity

CAT III

CCI(s)

• CCI-002475 - The information system implements cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest on organization-defined information system components.

Weight

10

Fix Recommendation

Navigate to Security >> SSL Certificate and Key Management >> Key set groups >> Cell LTPAKeySetGroup.

Uncheck automatically generate keys.

Click "OK".

Click "Save".

Restart the "Deployment Manager".

Check Contents

If LTPA is not utilized, this is not applicable.

Request the documented process to manually regenerate the LTPA keys.

The time period for regeneration must be defined, documented, and accepted by the ISSO but must be performed at least annually.

Navigate to Security >> SSL Certificate and Key Management >> Key set groups >> Cell LTPAKeySetGroup.

If automatically generate keys is checked, this is a finding.

Vulnerability Number

V-81381

Documentable

False

Rule Version

WBSP-AS-001520

Severity Override Guidance

If LTPA is not utilized, this is not applicable.

Request the documented process to manually regenerate the LTPA keys.

The time period for regeneration must be defined, documented, and accepted by the ISSO but must be performed at least annually.

Navigate to Security >> SSL Certificate and Key Management >> Key set groups >> Cell LTPAKeySetGroup.

If automatically generate keys is checked, this is a finding.

Check Content Reference

M

Target Key

3399

Comments