zOS WebSphere Application Server for ACF2 Security Technical Implementation Guide
Overview
| Version | Date | Finding Count (5) | Downloads | ||
| V7R2 | 2025-09-26 | CAT I (High): 1 | CAT II (Medium): 4 | CAT III (Low): 0 | |
| STIG Description |
| This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil. |
Findings - MAC I - Mission Critical Sensitive
| Finding ID | Severity | Title | Description |
|---|---|---|---|
| V-224349 | MVS datasets for the WebSphere Application Server are not protected in accordance with the proper security requirements. | MVS datasets provide the configuration, operational, and executable properties of the WebSphere Application Server (WAS) environment. Failure to prope... | |
| V-224350 | HFS objects for the WebSphere Application Server are not protected in accordance with the proper security requirements. | HFS directories and files provide the configuration, operational, and executable properties of the WebSphere Application Server (WAS) environment. Man... | |
| V-224351 | The CBIND Resource(s) for the WebSphere Application Server is(are) not protected in accordance with security requirements. | SAF resources provide the ability to control access to functions and services of the WebSphere Application Server (WAS) environment. Many of these res... | |
| V-224353 | The WebSphere Application Server plug-in is not specified in accordance with the proper security requirements. | Requests processed by the WebSphere Application Server (WAS) are dependent on directives configured in the HTTP server httpd.conf file. These directiv... | |
| V-224352 | Vendor-supplied user accounts for the WebSphere Application Server must be defined to the ACP. | Vendor-supplied user accounts are defined to the ACP with factory-set passwords during the installation of the WebSphere Application Server (WAS). The... |