STIGQter: STIG Summary: IBM MQ Appliance V9.0 AS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017:

The MQ Appliance messaging server must provide access logging that ensures users who are granted a privileged role (or roles) have their privileged activity logged.

DISA Rule

SV-89595r1_rule

Vulnerability Number

V-74921

Group Title

SRG-APP-000343-AS-000030

Rule Version

MQMH-AS-000480

Severity

CAT II

CCI(s)

CCI-000067 - The information system monitors remote access methods.
CCI-000172 - The information system generates audit records for the events defined in AU-2 d. with the content defined in AU-3.
CCI-002234 - The information system audits the execution of privileged functions.

Weight

Fix Recommendation

For each queue manager on the MQ Appliance, enable configuration event logging (CONFIGEV).

From the MQ Appliance CLI, enter the following:

runmqsc [queue mgr name]
ALTER QMGR CONFIGEV(ENABLED)
end

Check Contents

For each queue manager on the MQ Appliance for which configuration events logging should be enabled, establish an SSH command line session as an admin user.

To access the MQ Appliance CLI, enter:
mqcli

To identify the queue managers, enter:
dspmq

To run the "runmqsc [queue mgr name]" command for each running queue manager, enter:
runmqsc [queue mgr name]
DIS QMGR CONFIGEV
CONFIGEV(ENABLED) - should be the result.
end

If "CONFIGEV" is not "ENABLED", this is a finding.

The MQ Appliance messaging server must provide access logging that ensures users who are granted a privileged role (or roles) have their privileged activity logged.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments