V-255825
SV-255825r960765_rule
CAT II
The WebSphere Application Server automatic repository checkpoints must be enabled to track configuration changes.
From: IBM WebSphere Traditional V9.x Security Technical Implementation Guide (V2R1)
Description
<VulnDiscussion>Without enabling repository checkpoints, you will not be able to determine the history of changes to WebSphere configuration files, and who made those changes.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
Check Procedure
Review System Security Plan documentation.
Identify the required "Automatic CheckPoint Depth" setting that has been defined.
From administrative console, click System administration >> Extended repository service.
If "Enable automatic repository checkpoints" is not selected or if the "automatic checkpoint depth" is less than the number of saves defined in the System Security Plan, this is a finding.
Fix Text
From administrative console click System administration >> Extended repository service >> Enable automatic repository checkpoints.
Enter a "checkpoint depth value" according to the security plan.
Restart the DMGR and all the JVMs.
CCI Reference
CCI-000067- Created
- 2026-04-07 20:08:19
- Last Updated
- 2026-04-07 20:08:19