| DISA_IBM_WebSphere_Liberty_Server_STIG_v2r2.audit from DISA IBM WebSphere Liberty Server STIG v2r2 | |
| IBMW-LS-000010 - Maximum in-memory session count must be set according to application requirements. | ACCESS CONTROL |
| IBMW-LS-000020 - The WebSphere Liberty Server Quality of Protection (QoP) must be set to use TLSv1.2 or higher. | ACCESS CONTROL |
| IBMW-LS-000030 - Security cookies must be set to HTTPOnly. | ACCESS CONTROL |
| IBMW-LS-000040 - The WebSphere Liberty Server must log remote session and security activity. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| IBMW-LS-000050 - Users in the REST API admin role must be authorized. | ACCESS CONTROL |
| IBMW-LS-000230 - The WebSphere Liberty Server must be configured to offload logs to a centralized system. | AUDIT AND ACCOUNTABILITY |
| IBMW-LS-000260 - The WebSphere Liberty Server must protect log information from unauthorized access or changes. | AUDIT AND ACCOUNTABILITY |
| IBMW-LS-000280 - The WebSphere Liberty Server must protect log tools from unauthorized access. | AUDIT AND ACCOUNTABILITY |
| IBMW-LS-000320 - The WebSphere Liberty Server must be configured to encrypt log information. | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| IBMW-LS-000340 - The WebSphere Liberty Server must protect software libraries from unauthorized access. | CONFIGURATION MANAGEMENT |
| IBMW-LS-000370 - The WebSphere Liberty Server must prohibit or restrict the use of nonsecure ports, protocols, modules, and/or services as defined in the PPSM CAL and vulnerability assessments. | CONFIGURATION MANAGEMENT |
| IBMW-LS-000380 - The WebSphere Liberty Server must use an LDAP user registry. | IDENTIFICATION AND AUTHENTICATION |
| IBMW-LS-000381 - Basic Authentication must be disabled. | IDENTIFICATION AND AUTHENTICATION |
| IBMW-LS-000390 - Multifactor authentication for network access to privileged accounts must be used. | IDENTIFICATION AND AUTHENTICATION |
| IBMW-LS-000440 - The WebSphere Liberty Server must store only encrypted representations of user passwords. | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| IBMW-LS-000450 - The WebSphere Liberty Server must use TLS-enabled LDAP. | IDENTIFICATION AND AUTHENTICATION |
| IBMW-LS-000500 - The WebSphere Liberty Server must use DoD-issued/signed certificates. | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| IBMW-LS-000520 - The WebSphere Liberty Server must use FIPS 140-2 approved encryption modules when authenticating users and processes. | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| IBMW-LS-000720 - HTTP session timeout must be configured. | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| IBMW-LS-000770 - Application security must be enabled on the WebSphere Liberty Server. | ACCESS CONTROL |
| IBMW-LS-000790 - Users in a reader-role must be authorized. | ACCESS CONTROL |
| IBMW-LS-000830 - The WebSphere Liberty Server must allocate JVM log record storage capacity in accordance with organization-defined log record storage requirements. | AUDIT AND ACCOUNTABILITY |
| IBMW-LS-000910 - The server.xml file must be protected from unauthorized modification. | CONFIGURATION MANAGEMENT |
| IBMW-LS-000970 - The WebSphere Liberty Server must prohibit the use of cached authenticators after an organization-defined time period. | IDENTIFICATION AND AUTHENTICATION |
| IBMW-LS-001050 - The WebSphere Liberty Server LTPA keys password must be changed. | SYSTEM AND COMMUNICATIONS PROTECTION |
| IBMW-LS-001110 - The WebSphere Liberty Server must remove all export ciphers to protect the confidentiality and integrity of transmitted information. | SYSTEM AND COMMUNICATIONS PROTECTION |
| IBMW-LS-001120 - The WebSphere Liberty Server must be configured to use HTTPS only. | SYSTEM AND COMMUNICATIONS PROTECTION |
| IBMW-LS-001170 - The WebSphere Liberty Server must install security-relevant software updates within the time period directed by an authoritative source. | SYSTEM AND INFORMATION INTEGRITY |
| IBMW-LS-001190 - The WebSphere Liberty Server must generate log records for authentication and authorization events. | AUDIT AND ACCOUNTABILITY |
