STIGQter STIGQter: STIG Summary: IBM MQ Appliance V9.0 AS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017: The MQ Appliance messaging server must accept FICAM-approved third-party credentials.

DISA Rule

SV-89561r1_rule

Vulnerability Number

V-74887

Group Title

SRG-APP-000404-AS-000249

Rule Version

MQMH-AS-000840

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Log on to the WebGUI as a privileged user.

Click on the "MQ Console" icon.

Click "Add" widget at the top right of the screen.

Select a queue manager from the drop-down list.

Select "Authentication Information".

Click the "+" (plus sign) to define the authentication method authentication for this queue manager.

Specify an "Authinfo" name (e.g., USE.OCSP).

Select "OCSP" as the "Authinfo" type.

Specify an OCSP responder URL.

Click "Create".

In the "Local Queue Managers" widget, select the OCSP queue manager you just configured.

Click "More..." then select "Refresh Security... "

Check Contents

Log on to the WebGUI as a privileged user.

Click on the "MQ Console" icon.

Click "Add" widget at the top right of the screen.

Select queue manager intended for OCSP from the drop-down list.

Select "Authentication Information".

Verify that the authentication type is "OCSP".

Click on the "Properties" button.

Click "OCSP" on the side bar to verify that the OCSP responder URL is correct.

If either the authentication type is not "OCSP" or the OCSP responder URL in not correct, this is a finding.

Vulnerability Number

V-74887

Documentable

False

Rule Version

MQMH-AS-000840

Severity Override Guidance

Log on to the WebGUI as a privileged user.

Click on the "MQ Console" icon.

Click "Add" widget at the top right of the screen.

Select queue manager intended for OCSP from the drop-down list.

Select "Authentication Information".

Verify that the authentication type is "OCSP".

Click on the "Properties" button.

Click "OCSP" on the side bar to verify that the OCSP responder URL is correct.

If either the authentication type is not "OCSP" or the OCSP responder URL in not correct, this is a finding.

Check Content Reference

M

Target Key

3239

Comments