STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to IBM WebSphere Traditional V9.x Security Technical Implementation Guide

V-283677

CAT II (Medium)

The WebSphere Application Server must use FIPS 140-3-approved encryption modules when authenticating users and processes.

Rule ID

SV-283677r1193276_rule

STIG

IBM WebSphere Traditional V9.x Security Technical Implementation Guide

Version

V2R1

CCIs

CCI-000803CCI-001188CCI-002418CCI-002421CCI-002422CCI-002450

Discussion

Encryption is only as good as the encryption modules in use. Unapproved cryptographic module algorithms cannot be verified and cannot be relied upon to provide confidentiality or integrity, and DOD data may be compromised due to weak algorithms. The use of TLS provides confidentiality of data in transit between the application server and client. FIPS 140-3-approved TLS versions include TLS V1.0 or greater. TLS must be enabled and non-FIPS-approved SSL versions must be disabled. NIST SP 800-52 specifies the preferred configurations for government systems.

Check Content

Note: If FIPS 140-2 is configured in WBSP-AS-001290, this is not applicable. This is allowed until 21 September 2026. If FIPS 140-2 is still in use after this date, this is a finding.

From administrative console, click Security >> SSL certificate and key management >> Manage FIPS.

If "Enable FIPS 140-3" is not selected, this is a finding.

Fix Text

Implementation for Cell Profile (Network Deployment):

1. Back up the existing configuration:

backupConfig.sh <backup_directory>

2. Stop all servers except the deployment manager:

- Stop all node agents and application servers.
- Keep only the deployment manager running.

3. Enable FIPS 140-3.

Option A - Using Administrative Console:
1. Click Security >> SSL certificate and key management >> Manage FIPS.


2. Select "Enable FIPS 140-3".
3. Click "Apply".

Option B - Using Admin Command:
AdminTask.enableFips('[-enableFips true -fipsLevel FIPS140-3 ]')

1. Stop the deployment manager.

2. Restart the deployment manager.

3. Synchronize nodes. On each node, run:

syncNode.sh <dmgr_host> <dmgr_port>

4. Start node agents and servers

Implementation for Standalone Profile:
1. Back up the existing configuration:

backupConfig.sh <backup_directory>

2. Enable FIPS 140-3.

Option A - Using Administrative Console:
1. Click Security >> SSL certificate and key management >> Manage FIPS.

2. Select "Enable FIPS 140-3".

3. Click "Apply".

Option B - Using Admin Command:
AdminTask.enableFips('[-enableFips true -fipsLevel FIPS140-3 ]')

For both methods, restart the application server.