Enabling NIST SP800-131A compliance on a server with a stand-alone WebSphere Application Server

The IBM® BigFix® Remote Control Server uses the middleware infrastructure that is provided by WebSphere® secure HTTP communications. Therefore, to enable NIST SP800-131A compliance for a manual IBM BigFix Remote Control Server installation you must configure IBM BigFix Remote Control Server and WebSphere.

About this task

To enable NIST SP800-131A compliance for a manual server installation, complete the following steps after you install the server.

Procedure

  1. Configure WebSphere
    The WebSphere documentation describes how to enable NIST SP800-131A in WebSphere. Follow the instructions relevant to your version of WebSphere.
  2. Log on to the IBM BigFix Remote Control Server with a valid admin ID and password.
  3. Click Admin > Edit properties files
  4. In the common.properties file set sp800131a.compliance to true.
  5. Click Submit.
  6. Click Admin > Reset Application.
  7. Restart the server service.
    For more information about restarting the server service, see Manage the component services. Follow the steps in the section that is relevant to your operating system.

Results

Note: NIST SP800-131A enablement changes in WebSphere affect all other applications that are running on that server. Therefore, browser settings for the users who access those other applications must be changed to support Transport Layer Security (TLS).

To enable TLS in Internet Explorer, complete the following steps.

  • Click Tools > Internet Options.
  • On the Advanced tab, select Use TLS 1.2.
  • Click Apply.
  • Click OK.

To enable TLS in Firefox, complete the following steps.

  • In the browser, go to the about:config page.
  • Click I'll be careful, I promise.
  • In the search field search for security.tls.version.max.
  • Set the value to 3.