STIGQter: STIG Summary: IBM WebSphere Traditional V9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2018:

The WebSphere Application Server must remove all export ciphers to protect the confidentiality and integrity of transmitted information.

DISA Rule

SV-96105r1_rule

Vulnerability Number

V-81391

Group Title

SRG-APP-000439-AS-000274

Rule Version

WBSP-AS-001610

Severity

CAT II

CCI(s)

• CCI-002418 - The information system protects the confidentiality and/or integrity of transmitted information.

Weight

10

Fix Recommendation

From the administrative console, navigate to Security >> SSL certificate and key management >> SSL configurations >> [Name] >> for each SSL configuration

Select "Quality of protection (QoP) settings" under "Cipher suite" settings.

Identify any ciphers that include "EXPORT" in their name.

Remove the cipher by selecting the cipher.

Click "Remove" button.

Click "OK".

Recycle the DMGR and sync the JVMs.

Check Contents

From the administrative console, navigate to Security >> SSL certificate and key management >> SSL configurations >> [Name] >> for each SSL Configuration

Select "Quality of protection (QoP) settings".

Under "Cipher suite" settings, if any of the ciphers contained in the "Selected ciphers" box" contain "EXPORT" in their name, this is a finding.

Vulnerability Number

V-81391

Documentable

False

Rule Version

WBSP-AS-001610

Severity Override Guidance

From the administrative console, navigate to Security >> SSL certificate and key management >> SSL configurations >> [Name] >> for each SSL Configuration

Select "Quality of protection (QoP) settings".

Under "Cipher suite" settings, if any of the ciphers contained in the "Selected ciphers" box" contain "EXPORT" in their name, this is a finding.

Check Content Reference

M

Target Key

3399

Comments