STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 10 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Oracle WebLogic Server 12c Security Technical Implementation Guide

V-235999

CAT II (Medium)

Oracle WebLogic must be integrated with a tool to implement multi-factor user authentication.

Rule ID

SV-235999r961863_rule

STIG

Oracle WebLogic Server 12c Security Technical Implementation Guide

Version

V2R2

CCIs

CCI-000366

Discussion

Multifactor authentication is defined as: using two or more factors to achieve authentication. Factors include: (i) something a user knows (e.g., password/PIN); (ii) something a user has (e.g., cryptographic identification device, token); or (iii) something a user is (e.g., biometric). A CAC meets this definition. Implementing a tool, such as Oracle Access Manager, will implement multi-factor authentication to the application server and tie the authenticated user to a user account (i.e. roles and privileges) assigned to the authenticated user.

Check Content

Review the WebLogic configuration to determine if a tool, such as Oracle Access Manager, is in place to implement multi-factor authentication for the users. If a tool is not in place to implement multi-factor authentication, this is a finding.

Fix Text

Install a tool, such as Oracle Access Manager, to handle multi-factor authentication of users.