STIGQter: STIG Summary: IBM MQ Appliance V9.0 AS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017:

The MQ Appliance messaging server must use DoD- or CNSS-approved PKI Class 3 or Class 4 certificates.

DISA Rule

SV-89509r1_rule

Vulnerability Number

V-74835

Group Title

SRG-APP-000514-AS-000137

Rule Version

MQMH-AS-000830

Severity

CAT II

CCI(s)

• CCI-002450 - The information system implements organization-defined cryptographic uses and type of cryptography required for each use in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.

Weight

10

Fix Recommendation

Install approved certificates that have been issued by a DoD CA.

Check Contents

From the MQ Appliance WebGUI, click on the Administration (gear) icon.

Click on Main >> File Management.

Click on the cert directory.

Click on the "Details" action to the right of each cert to display its attributes.

Verify that each certificate attribute meets organizationally approved requirements.

If any certificates have not been issued by a DoD- or CNSS-approved PKI CA, this is a finding.

Vulnerability Number

V-74835

Documentable

False

Rule Version

MQMH-AS-000830

Severity Override Guidance

From the MQ Appliance WebGUI, click on the Administration (gear) icon.

Click on Main >> File Management.

Click on the cert directory.

Click on the "Details" action to the right of each cert to display its attributes.

Verify that each certificate attribute meets organizationally approved requirements.

If any certificates have not been issued by a DoD- or CNSS-approved PKI CA, this is a finding.

Check Content Reference

M

Target Key

3239

Comments