STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to IBM WebSphere Traditional V9.x Security Technical Implementation Guide

V-255845

CAT II (Medium)

The WebSphere Application Server audit subsystem failure action must be set to Log warning.

Rule ID

SV-255845r960912_rule

STIG

IBM WebSphere Traditional V9.x Security Technical Implementation Guide

Version

V2R1

CCIs

CCI-000139

Discussion

Logs are essential to monitor the health of the system, investigate changes that occurred to the system, or investigate a security incident. When log processing fails, the events during the failure can be lost. To minimize the timeframe of the log failure, an alert needs to be sent to the SA and ISSO at a minimum. Log processing failures include, but are not limited to, failures in the application server log capturing mechanisms or log storage capacity being reached or exceeded. WebSphere must be set to log warnings that the audit subsystem has failed or is in danger or failing so action can be taken to correct the issue.

Check Content

In the administrative console, navigate to Security >> Security auditing.

If "Audit subsystem failure action" is not set to "Log Warning", this is a finding.

Fix Text

In the administrative console, navigate to Security >> Security auditing.

Click the "Audit subsystem failure action" dropdown box.

Select "Log Warning".

Click "Apply".

Click "Save" to save the configuration.

Restart the DMGR and all JVMs.