What is new for security specialists

What is new for security specialists

This version contains many new and changed features for those who are responsible for securing applications and the application serving environment.

Security custom properties
New for this release, the default value of the com.ibm.CSI.propagateFirstCallerOnly security custom property is set to true. When true, the first caller in the propagation token that stays on the thread is logged when security attribute propagation is enabled. When false, all of the caller switches are logged, which can affect performance.

WAS security standards configurations
WebSphere Application Server integrates cryptographic modules, which include Java Secure Socket Extension (JSSE) and Java Cryptography Extension (JCE). Most of the requirements in the standards are handled in the JSSE and JCE, which must undergo the certification process to meet government standards. WebSphere Application Server must be configured to run with the JSSE and JCE enabled for a particular standard, and now supports the FIPS 140-2, SP800-131 and Suite B security standards.

Reference topic