STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to IBM WebSphere Traditional V9.x Security Technical Implementation Guide

V-255864

CAT II (Medium)

The WebSphere Application Server local file-based user registry must not be used.

Rule ID

SV-255864r1051118_rule

STIG

IBM WebSphere Traditional V9.x Security Technical Implementation Guide

Version

V2R1

CCIs

CCI-000764

Discussion

WebSphere does not provide direct audit of changes to the built-in file registry. The built-in file registry must not be used to support user logon accounts. Use an LDAP/AD server and manage user accounts centrally.

Check Content

Navigate to Security >> Global Security.

Under "User Account Repository" if the "Federated Repositories" is chosen, click on "Configure".

Under "Repositories in the realm", if "o=defaultWIMFileBasedRealm" appears in the "Base Entry" column, this is a finding.

Fix Text

Navigate to Security >> Global Security.

Under "User Account Repository", select "Stand alone LDAP" from the "Available realm definitions" drop-down.

Click on "Configure".

Select an existing user from the LDAP directory to be the primary WebSphere admin user.

Identify the type of LDAP server; specify an IP or DNS name for the LDAP Server, and the port used to connect to the LDAP server.

Specify BASE DN.

Specify the BIND DN.

Specify the BIND Password.

Select the "SSL enabled" check box to use secure LDAP.

Click "Apply".

Click "Save".

Go to Global Security.

Select "Standalone LDAP registry" from the "Available realm definitions" drop-down.

Click "Set as current".

Click "Apply".

Click "Save".

Restart the dmgr and synchronize the JVMs.