
V-255883

CAT III (Low)

The WebSphere Application Server must not generate LTPA keys automatically.

Rule ID: SV-255883r1067567_rule

STIG: IBM WebSphere Traditional V9.x Security Technical Implementation Guide

Version: V2R1

CCIs: CCI-002475

Discussion

Automated LTPA key generation can create unplanned outages. Plan to change your LTPA keys during a scheduled outage. Distribute the new keys to all nodes in the cell and to all external systems/cells during this outage window.

Check Content

If LTPA is not utilized, this is not applicable.

Request the documented process to manually regenerate the LTPA keys.

The regeneration interval must be defined, documented, and accepted by the ISSO, and regeneration must be performed at least annually.

Navigate to Security >> SSL Certificate and Key Management >> Key set groups >> Cell LTPAKeySetGroup.

If "automatically generate keys" is checked, this is a finding.
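
One way to run the checkbox part of this check offline against a copy of the cell's security.xml (an added example, not part of the STIG or of IBM's tooling). It assumes the console setting is stored as the autoGenerate attribute of the keySetGroups element; the sample XML, its namespace URI and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on a cell-level security.xml (not from a real system).
SAMPLE_SECURITY_XML = """\
<security:Security xmlns:xmi="http://www.omg.org/XMI"
                   xmlns:security="urn:example:websphere-security">
  <keySetGroups xmi:id="KeySetGroup_1" name="CellLTPAKeySetGroup"
                autoGenerate="true" keySets="KeySet_1 KeySet_2"/>
  <keySetGroups xmi:id="KeySetGroup_2" name="NodeLTPAKeySetGroup"
                autoGenerate="false"/>
  <keySetGroups xmi:id="KeySetGroup_3" name="CustomKeySetGroup"/>
</security:Security>
"""


def audit_ltpa_autogenerate(xml_text, group_name="CellLTPAKeySetGroup"):
    """Return (status, detail) for the named key set group.

    status is 'finding', 'not_a_finding' or 'manual_review'. Anything that
    cannot be decided from the file is sent to manual review, never passed.
    """
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        # Compare local names so the check works with or without a namespace.
        if elem.tag.rsplit("}", 1)[-1] != "keySetGroups":
            continue
        if elem.get("name") != group_name:
            continue
        value = elem.get("autoGenerate")
        if value is None:
            return "manual_review", "autoGenerate not set; confirm in the console"
        value = value.strip().lower()
        if value == "true":
            return "finding", "%s generates keys automatically" % group_name
        if value == "false":
            return "not_a_finding", "%s has automatic generation off" % group_name
        return "manual_review", "unexpected autoGenerate value %r" % value
    return "manual_review", "%s not found; confirm whether LTPA is in use" % group_name


if __name__ == "__main__":
    for name in ("CellLTPAKeySetGroup", "NodeLTPAKeySetGroup", "CustomKeySetGroup"):
        print(name, audit_ltpa_autogenerate(SAMPLE_SECURITY_XML, name))
```

The documented manual regeneration process and its at-least-annual schedule still have to be reviewed by hand; the script covers only the checkbox state.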

Fix Text

Navigate to Security >> SSL Certificate and Key Management >> Key set groups >> Cell LTPAKeySetGroup.

Uncheck "automatically generate keys".

Click "OK".

Click "Save".

Restart the "Deployment Manager".