zOS Websphere Application Server for TSS STIG

Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

zOS Websphere Application Server for TSS STIG

Overview

Version	Date	Finding Count (5)			Downloads
None	2020-01-23	CAT I (High): 1	CAT II (Med): 4	CAT III (Low): 0	Excel	JSON	XML

STIG Description
None

Available Profiles

Classified	Public	Sensitive
I - Mission Critical Classified	I - Mission Critical Public	I - Mission Critical Sensitive	II - Mission Support Classified	II - Mission Support Public	II - Mission Support Sensitive	III - Administrative Classified	III - Administrative Public	III - Administrative Sensitive

Findings (MAC III - Administrative Sensitive)

Finding ID	Severity	Title	Description
V-3900	High	Vendor-supplied user accounts for the WebSphere Application Server must be defined to the ACP.	Vendor-supplied user accounts are defined to the ACP with factory-set passwords during the installation of the WebSphere Application Server (WAS). These user accounts are common to all WAS...
V-3897	Medium	MVS data sets for the WebSphere Application Server are not protected in accordance with the proper security requirements.	MVS data sets provide the configuration, operational, and executable properties of the WebSphere Application Server (WAS) environment. Failure to properly protect these data sets may lead to...
V-3899	Medium	The CBIND Resource(s) for the WebSphere Application Server is(are) not protected in accordance with security requirements.	SAF resources provide the ability to control access to functions and services of the WebSphere Application Server (WAS) environment. Many of these resources provide operational and administrative...
V-3898	Medium	HFS objects for the WebSphere Application Server are not protected in accordance with the proper security requirements.	HFS directories and files provide the configuration, operational, and executable properties of the WebSphere Application Server (WAS) environment. Many of these objects are responsible for the...
V-3901	Medium	The WebSphere Application Server plug-in is not specified in accordance with the proper security requirements.	Requests processed by the WebSphere Application Server (WAS) are dependent on directives configured in the HTTP server httpd.conf file. These directives specify critical files containing the WAS...