STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to IBM WebSphere Traditional V9.x Security Technical Implementation Guide

V-255827

CAT I (High)

The WebSphere Application Server bus security must be enabled.

Rule ID

SV-255827r961863_rule

STIG

IBM WebSphere Traditional V9.x Security Technical Implementation Guide

Version

V2R1

CCIs

CCI-002315CCI-000366

Discussion

A service integration bus is a group of one or more application servers or server clusters in a WebSphere® Application Server cell that cooperate to provide asynchronous messaging services. The application servers or server clusters in a bus are known as bus members. When a bus is created with bus security enabled, the following conditions apply: The bus requires client authentication. The bus enforces authorization policy. The bus requires use of SSL transport chains.

Check Content

Review System Security Plan documentation.

Interview the system administrator.

Identify the service integration buses configured on the WAS.

If there are no service integration buses, this requirement is NA.

From the administration console, navigate to Security >> Bus Security.

For each service integration bus, if security is not enabled, this is a finding.

Fix Text

From the administration console, navigate to Security >> Bus Security.

For each service integration bus where security is not enabled, click on "Disabled".

Click the check box to "Enable bus security".

Configure the transport settings and authorization policies according to application security access requirements specified in the security plan.