
15/09/2016

Configuring Common Secure Interoperability Version 2 (CSIV2) - PCI Compliance

TL;DR

To enable CSIv2 for inbound and outbound communications, launch the wsadmin tool with -lang jython and issue the following commands:

AdminTask.configureCSIOutbound('[-transportLayer SSL-required]')
AdminTask.configureCSIInbound('[-transportLayer SSL-required]')
AdminConfig.save()

Using the console:

Set the inbound and outbound transports in the administrative console. Make sure that administrative security is enabled.

  • WebSphere Application Server Version 7.0: Click Security > Global Security > RMI/IIOP Security > CSIv2 inbound [outbound] communications. Change the transport type under the CSIv2 Transport Layer to SSL-Required.

Transport values:

TCP/IP
SSL-required
SSL-supported

CSIv2 stands for Common Secure Interoperability Version 2. Its transport setting is found in the inbound and outbound communication settings.

29/08/2016

FIPS Compliance-Part III. enableFips using wsadmin and jython jacl

TL;DR

To enable FIPS140-2, launch the wsadmin tool with -lang jython and issue the following command:

AdminTask.enableFips("[-enableFips true -fipsLevel FIPS140-2]")

or use Jacl:


$AdminTask enableFips {-enableFips true -fipsLevel transition }

Result:

wsadmin-lang-jython fipsenable fips140-2

fipsLevel values:

FIPS140-2

transition

SP800-131

Details:

Or you can save even more time by scripting this. I wrote the following script to do the job for me (my actual script is longer as now it supports different fipsLevel values).

Example jython script:

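import sys, java
def enableFIPS(fipsLevel):
  # Turn FIPS on at the requested level, then persist the change
  AdminTask.enableFips("[-enableFips true -fipsLevel " + fipsLevel + "]")
  AdminConfig.save()
def disableFIPS():
  # Turn FIPS off, then persist the change
  AdminTask.enableFips("[-enableFips false]")
  AdminConfig.save()
# In wsadmin, sys.argv[0] is the first argument passed to the script
if sys.argv[0].lower()=="enable":
  print 'Enabling the FIPS140-2'
  enableFIPS("FIPS140-2")
elif sys.argv[0].lower()=="disable":
  disableFIPS()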
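
A variant that accepts any of the fipsLevel values listed above, as an added example that is not the author's actual script: it validates the argument before building the bracketed string, so a typo or a stray bracket never reaches AdminTask and nothing is saved. `run_fips`, `build_command`, `canonical_level` and the two Recording stubs are hypothetical names; the stubs stand in for wsadmin's AdminTask and AdminConfig so the logic can be exercised offline.

```python
# Added example (not the author's script). The level names are the three
# fipsLevel values listed on this page; all function and class names here
# are hypothetical and introduced for illustration.
FIPS_LEVELS = ("FIPS140-2", "transition", "SP800-131")


def canonical_level(name):
    """Map user input to the page's exact spelling, or raise ValueError."""
    for level in FIPS_LEVELS:
        if level.lower() == name.strip().lower():
            return level
    raise ValueError("unknown fipsLevel %r, expected one of %s"
                     % (name, ", ".join(FIPS_LEVELS)))


def build_command(argv):
    """Turn ['enable', level] or ['disable'] into the enableFips argument."""
    if not argv:
        raise ValueError("usage: enable [fipsLevel] | disable")
    action = argv[0].lower()
    if action == "disable" and len(argv) == 1:
        return "[-enableFips false]"
    if action == "enable" and len(argv) <= 2:
        # Same default as the script above when no level is given
        level = canonical_level(argv[1] if len(argv) == 2 else "FIPS140-2")
        return "[-enableFips true -fipsLevel %s]" % level
    raise ValueError("usage: enable [fipsLevel] | disable")


def run_fips(argv, admin_task, admin_config):
    """Validate first, then change and save; bad input never reaches wsadmin."""
    command = build_command(argv)
    admin_task.enableFips(command)
    admin_config.save()
    return command


class RecordingTask:
    """Offline stand-in for wsadmin's AdminTask (constructed for the demo)."""
    def __init__(self):
        self.calls = []

    def enableFips(self, args):
        self.calls.append(args)


class RecordingConfig:
    """Offline stand-in for wsadmin's AdminConfig; counts save() calls."""
    def __init__(self):
        self.saves = 0

    def save(self):
        self.saves += 1
```

Inside wsadmin the call would be run_fips(sys.argv, AdminTask, AdminConfig), passing the real objects in place of the stubs.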