WebSphere Application Server & Liberty

 View Only

DISA STIG for Traditional WebSphere Application Server (tWAS)

By James Mulvey posted Thu May 20, 2021 03:00 PM


For hardening traditional WAS ND Version 9.0.x server environments in alignment with NIST SP800-53 we now have a Department of Defense Security Technical Implementation Guide.  This provides a set of configuration hardening steps to ensure you have a secure configuration in place for WAS ND for production environments. These are broken into 3  categories.

  1) Category 1 (High)

  2) Category 2 (Medium)

  3) Category 3 (Low)

It's highly recommended that WAS ND customers review these recommendations and follow the associated steps to lock down your environments.

We also have an extensive set a materials that provide hardening guidance for traditional WAS ND environments located here. Note this material is more relevant to WAS V7 and V8/8.5.

Traditional WAS Hardening Part 1

Traditional WAS Hardening Part 2

For questions regarding this information I can be contacted at jmulvey@us.ibm.com.