The WebSphere Application Server LDAP user registry must be used.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-81299 | WBSP-AS-001010 | SV-96013r1_rule | CCI-000764 | medium |
| Description | ||||
| To assure accountability and prevent unauthorized access, application server users must be uniquely identified and authenticated. This is typically accomplished via the use of a user store which is either local (OS-based) or centralized (LDAP) in nature. To ensure support to the enterprise, the authentication must utilize an enterprise solution. | ||||
| STIG | Date | |||
| IBM WebSphere Traditional V9.x Security Technical Implementation Guide | 2018-08-24 | |||
Related Frameworks
4 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
IA-2
1.00
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.5.1
1.00
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.5.2
1.00
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000764
1.00
- DISA · 1 · disa_xccdf · related
Details
Check Text (C-96013r1_chk)
In the administrative console, click Security >> Global security.
If the "Available realm definitions" drop down box under the "User account repository" section is not set to "Standalone LDAP registry", this is a finding.
Fix Text (F-88079r2_fix)
In the administrative console, click Security >> Global security.
Under "User account repository", click the "Available realm definitions" drop-down list.
Select "Standalone LDAP" registry.
Click "Configure".
Provide the Primary Administrative user name, type of LDAP server, hostname for the LDAP server, define the Base distinguished name.
Click "OK".
On "Global security" panel, click "Set as current".
Click "Apply".
Click "Save".
Recycle and synchronize the JVMS.