Documentation - V-255835

V-255835

IBM WebSphere Traditional V9.x Security Technical Implementation Guide

CAT II

Title

The WebSphere Application Server users in the admin role must be authorized.

Description

<VulnDiscussion>Strong access controls are critical to securing the application server. Access control policies (e.g., identity-based policies, role-based policies, attribute-based policies) and access enforcement mechanisms (e.g., access control lists, access control matrices, cryptography) must be employed by the application server to control access between users (or processes acting on behalf of users) and objects (e.g., applications, files, records, processes, application domains) in the app...

Fix Text (Documentation Requirement)

Navigate to User and Groups >> Administrative user roles. If an unauthorized user is assigned to the admin role, click on the user, remove admin rights and assign proper roles as defined in System Security Plan. Do not delete any user with the "Primary administrative user name" designation. Click "OK". Click "Save". Restart the DMGR and all the JVMs.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel