STIGQter STIGQter: STIG Summary: IBM WebSphere Traditional V9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2018: The WebSphere Application Server high availability applications must be installed on a cluster.

DISA Rule

SV-96099r1_rule

Vulnerability Number

V-81385

Group Title

SRG-APP-000435-AS-000163

Rule Version

WBSP-AS-001570

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To create a cluster, navigate to Servers >> Clusters >> WebSphere Application Server Clusters >> New and follow the wizard.

After cluster creation, re-install your application to the cluster.

Refer to product documentation for specific details on how to create and manage WebSphere clusters.

Check Contents

Review Systems Security Plan and identify system categorization.

If the system is not categorized as HIGH, this requirement is NA.

Identify HA applications installed on the server.

Verify applications defined as requiring HA protections are running on a cluster.

From the admin console, navigate to Application >> All Applications >> [application name] >> Target specific application status.

If the target application has been designated as an HA application but is not running on a cluster, this is a finding.

Vulnerability Number

V-81385

Documentable

False

Rule Version

WBSP-AS-001570

Severity Override Guidance

Review Systems Security Plan and identify system categorization.

If the system is not categorized as HIGH, this requirement is NA.

Identify HA applications installed on the server.

Verify applications defined as requiring HA protections are running on a cluster.

From the admin console, navigate to Application >> All Applications >> [application name] >> Target specific application status.

If the target application has been designated as an HA application but is not running on a cluster, this is a finding.

Check Content Reference

M

Target Key

3399

Comments