The WebSphere Application Server must remove all export ciphers to protect the confidentiality and integrity of transmitted information.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-81391 | WBSP-AS-001610 | SV-96105r1_rule | CCI-002418 | medium |
| Description | ||||
| Export grade encryption suites are not strong and do not meet DoD requirements. The encryption for the session becomes easy for the attacker to break. Do not use export grade encryption. Information on disabling export ciphers can be found in Knowledge Center at this link: http://www.ibm.com/support/knowledgecenter/SS7K4U_8.5.5/com.ibm.websphere.ihs.doc/ihs/rihs_ciphspec.html | ||||
| STIG | Date | |||
| IBM WebSphere Traditional V9.x Security Technical Implementation Guide | 2018-08-24 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
SC-8
1.00
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.13.8
1.00
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-002418
1.00
- DISA · 1 · disa_xccdf · related
Details
Check Text (C-96105r1_chk)
From the administrative console, navigate to Security >> SSL certificate and key management >> SSL configurations >> [Name] >> for each SSL Configuration
Select "Quality of protection (QoP) settings".
Under "Cipher suite" settings, if any of the ciphers contained in the "Selected ciphers" box" contain "EXPORT" in their name, this is a finding.
Fix Text (F-88177r1_fix)
From the administrative console, navigate to Security >> SSL certificate and key management >> SSL configurations >> [Name] >> for each SSL configuration
Select "Quality of protection (QoP) settings" under "Cipher suite" settings.
Identify any ciphers that include "EXPORT" in their name.
Remove the cipher by selecting the cipher.
Click "Remove" button.
Click "OK".
Recycle the DMGR and sync the JVMs.