STIGQter: STIG Summary: IBM MQ Appliance V9.0 AS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017:

The MQ Appliance messaging server must protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation.

DISA Rule

SV-89401r1_rule

Vulnerability Number

V-74727

Group Title

SRG-APP-000080-AS-000045

Rule Version

MQMH-AS-000010

Severity

CAT II

CCI(s)

CCI-000166 - The information system protects against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation.

Weight

Fix Recommendation

To access the MQ Appliance CLI, enter:
mqcli

runmqsc [queue mgr name]
ALTER QMGR [AUTHOREV](ENABLED)

To exit the MQ Appliance CLI, enter:
end

Check Contents

Establish an SSH command line session as an admin user.

To access the MQ Appliance CLI, enter:
mqcli

To identify the queue managers, enter:
dspmq

To run the "runmqsc [queue mgr name]" command for each running queue manager enter:
DIS QMGR EVENT

A list of all events will be displayed along with an indication if event logging is enabled. The events are as follows:

Authority: AUTHOREV, Inhibit: INHIBITEV, Local: LOCALEV, Remote: REMOTEEV, Start and stop: STRSTPEV, Performance: PERFMEV, Command: CMDEV, Channel: CHLEV, Channel auto definition: CHADEV, SSL: SSLEV, Configuration: CONFIGEV

If AUTHOREV event logging is not enabled, this is a finding.

The MQ Appliance messaging server must protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments