← Back to IBM WebSphere Traditional V9.x Security Technical Implementation Guide

V-255839

CAT II (Medium)

The WebSphere Application Server management interface must retain the Standard Mandatory DoD Notice and Consent Banner on the screen until users acknowledge the usage conditions and take explicit actions to log on for further access.

Rule ID

SV-255839r960846_rule

STIG

IBM WebSphere Traditional V9.x Security Technical Implementation Guide

Version

V2R1

CCIs

CCI-000050

Discussion

To establish acceptance of system usage policy, a click-through banner at the application server management interface logon is required. The banner shall prevent further activity on the application server unless and until the user executes a positive action to manifest agreement by clicking on a box indicating "OK".

Check Content

Point browser to the URL of the WebSphere administration console.

If the Standard Mandatory DoD Notice and Consent Banner is not retained until the user acknowledges the usage conditions, this is a finding.

Fix Text

Open the file ${WAS_HOME}/properties/login.info.

Follow the instructions in the HTML comment section to create the pre-logon banner.

Enter the Standard DoD Mandatory Notice and Consent banner into the HTML section.

If logged on to the admin console, log out and log back on to validate the changes.

Restart the DMGR and all the JVMs.