The WebSphere Application Server Quality of Protection (QoP) must be set to use TLSv1.2 or higher.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-81215 | WBSP-AS-000160 | SV-95929r1_rule | CCI-000068 | medium |
| Description | ||||
| Quality of Protection specifies the security level, ciphers, and mutual authentication settings for the Secure Socket Layer (SSL/TLS) configuration. | ||||
| STIG | Date | |||
| IBM WebSphere Traditional V9.x Security Technical Implementation Guide | 2018-08-24 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
AC-17(2)
1.00
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.1.13
1.00
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000068
1.00
- DISA · 1 · disa_xccdf · related
Details
Check Text (C-95929r1_chk)
From the administrative console, navigate to Security >> SSL certificate and key management.
Click "SSL configurations".
Click on each SSL configuration to review.
Under "Additional Properties", click "Quality of protection (QoP)" settings.
If the "Protocol" field does not show "TLSv1.2 or greater", this is a finding.
Fix Text (F-87995r3_fix)
From the administrative console, navigate to Security >> SSL certificate and key management.
Click "SSL configurations".
Click on each SSL configuration.
Under "Additional Properties", click "Quality of protection (QoP)" settings.
At the "Protocol" pull-down menu, select "TLSv1.2 or greater".
Click "OK".
Click "Save".
Restart the DMGR and all the JVMs.