STIGQter: STIG Summary: IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017:

The MQ Appliance network device access must automatically disable accounts after a 35-day period of account inactivity.

DISA Rule

SV-89601r1_rule

Vulnerability Number

V-74927

Group Title

SRG-APP-000025-NDM-000207

Rule Version

MQMH-ND-000080

Severity

CAT II

CCI(s)

• CCI-000017 - The information system automatically disables inactive accounts after an organization-defined time period.

Weight

10

Fix Recommendation

Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings.

Set Authentication Method to LDAP. Configure LDAP server connection as required.

Check Contents

Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings.

Verify the Authentication Method is set to LDAP.

Review LDAP server settings and verify accounts are configured to be disabled after 35 days of inactivity.

If MQ is not set to LDAP authentication or if LDAP is not configured to meet the requirement, this is a finding.

Vulnerability Number

V-74927

Documentable

False

Rule Version

MQMH-ND-000080

Severity Override Guidance

Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings.

Verify the Authentication Method is set to LDAP.

Review LDAP server settings and verify accounts are configured to be disabled after 35 days of inactivity.

If MQ is not set to LDAP authentication or if LDAP is not configured to meet the requirement, this is a finding.

Check Content Reference

M

Target Key

3243

Comments