STIGQter STIGQter: STIG Summary: IBM MQ Appliance V9.0 AS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017:

The MQ Appliance messaging server must use encryption strength in accordance with the categorization of the management data during remote access management sessions.

DISA Rule

SV-89523r1_rule

Vulnerability Number

V-74849

Group Title

SRG-APP-000014-AS-000009

Rule Version

MQMH-AS-001320

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To set management access to the highest encryption strength, enable FIPS 140-2 Level 1 mode at the next reload of the firmware.
Enter the following commands:
config
crypto
crypto-mode-set fips-140-2-l1
Press "Enter"

The following message will appear:
"Crypto Mode Successfully set to fips-140-2-l1 for next boot."

Check Contents

To access the MQ Appliance CLI, enter:
mqcli

config
crypto
show crypto-mode

If the current setting is set to "permissive", this is a finding.

Vulnerability Number

V-74849

Documentable

False

Rule Version

MQMH-AS-001320

Severity Override Guidance

To access the MQ Appliance CLI, enter:
mqcli

config
crypto
show crypto-mode

If the current setting is set to "permissive", this is a finding.

Check Content Reference

M

Target Key

3239

Comments