Oct 22, 2025 Informational Update- 1.5 Ensure Websphere Liberty Server Output is not set to the default value
- 1.9 Ensure that the 'onConflict attribute' is set to 'IGNORE' to restrict config file overwrites
- 10.1 Ensure Unused Features are Removed
- 10.2 Ensure Passwords are Encrypted
- 10.4 Ensure 'keysPassword' is set to a custom password for ltpa keys
- 10.5 Ensure 'security-role' is defined for role based authorization checks for Web and EJB applications
- 2.3 Ensure that the LDAP connection uses TLS
- 4.2.8 Ensure that CA (Certificate Authority) certificates are used
- 4.4.10 Ensure 'trustedHeaderOrigin' is set to trusted host names and IP addresses
- 4.4.13 Ensure application security feature is enabled
- 4.4.17 Ensure uncovered http methods are denied
- 4.4.19 Ensure server headers on requests are removed
- 4.4.9 Ensure ''trustedSensitiveHeaderOrigin'' is set to trusted host names and IP addresses for sensitive data
- 6.3 Ensure CallbackHandler is used to access private keys in keystore files
Miscellaneous- Metadata updated.
- Variables updated.
|
Sep 12, 2025 Miscellaneous- Metadata updated.
- References updated.
|
