zOS Websphere Application Server for ACF2 Security Technical Implementation Guide
Overview
| Version | Date | Finding Count (5) | Downloads | ||
| 7 | 2024-12-16 | CAT I (High): 1 | CAT II (Medium): 4 | CAT III (Low): 0 | |
| STIG Description |
| This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil. |
Findings - All
| Finding ID | Severity | Title | Description |
|---|---|---|---|
| V-224352 | Vendor-supplied user accounts for the WebSphere Application Server must be defined to the ACP. | Vendor-supplied user accounts are defined to the ACP with factory-set passwords during the installation of the WebSphere Application Server (WAS). Th... | |
| V-224349 | MVS data sets for the WebSphere Application Server are not protected in accordance with the proper security requirements. | MVS data sets provide the configuration, operational, and executable properties of the WebSphere Application Server (WAS) environment. Failure to prop... | |
| V-224350 | HFS objects for the WebSphere Application Server are not protected in accordance with the proper security requirements. | HFS directories and files provide the configuration, operational, and executable properties of the WebSphere Application Server (WAS) environment. Ma... | |
| V-224351 | The CBIND Resource(s) for the WebSphere Application Server is(are) not protected in accordance with security requirements. | SAF resources provide the ability to control access to functions and services of the WebSphere Application Server (WAS) environment. Many of these re... | |
| V-224353 | The WebSphere Application Server plug-in is not specified in accordance with the proper security requirements. | Requests processed by the WebSphere Application Server (WAS) are dependent on directives configured in the HTTP server httpd.conf file. These directi... |