Documentation - V-255867

V-255867

IBM WebSphere Traditional V9.x Security Technical Implementation Guide

CAT II

Title

The WebSphere Application Server must provide security extensions to extend the SOAP protocol and provide secure authentication when accessing sensitive data.

Description

<VulnDiscussion>Application servers may provide a web services capability that could be leveraged to allow remote access to sensitive application data. A web service, which is a repeatable process used to make data available to remote clients, should not be confused with a web server. Many web services utilize SOAP, which in turn utilizes XML and HTTP as a transport. Natively, SOAP does not provide security protections. As such, the application server must provide security extensions to enhanc...

Fix Text (Documentation Requirement)

To attach policy sets for your service clients: From admin console, navigate to Applications >> All applications >> [application]. For each application that is a web service client and requires secure authentication, click on "Service client policy sets and bindings." Click button on the "Select" column to select a resource. Click on "Attach Client Policy Set" drop down. Select policy set that best matches the environment. Click button on the "Select" column to select the same resource. Click on the "Assign binding" drop down. Select a binding that best matches the environment. Click "Save". Restart DMGR and resync the JVMs.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel