STIGQter: STIG Summary: IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017

The MQ Appliance network device must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.

DISA Rule

SV-89603r1_rule

Vulnerability Number

V-74929

Group Title

SRG-APP-000065-NDM-000214

Rule Version

MQMH-ND-000150

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings.

Set Authentication Method to LDAP.
Configure LDAP connection as required.

Note: Enforcing the limit of three consecutive invalid logon attempts during a 15-minute time period is the responsibility of the LDAP server.

Check Contents

Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings.

Verify the Authentication Method is set to LDAP.

Review LDAP server settings and verify the LDAP configuration limits three consecutive invalid logon attempts by a user during a 15-minute time period.

If MQ is not set to LDAP authentication or if LDAP is not configured to meet the requirement, this is a finding.
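
Added example (not part of the STIG text): one way to script the LDAP half of this check, by auditing an exported password-policy entry against the three-attempts-in-15-minutes limit. It assumes the LDAP server uses the standard password-policy attributes pwdLockout, pwdMaxFailure and pwdFailureCountInterval (for example the OpenLDAP ppolicy overlay); the sample entry and its DN are constructed.

```python
# Added example: audit an LDAP password-policy entry against the STIG lockout rule.
# Assumption: the directory uses the LDAP password-policy attributes
# pwdLockout, pwdMaxFailure and pwdFailureCountInterval (e.g. OpenLDAP ppolicy).
MAX_FAILURES = 3          # three consecutive invalid logon attempts
WINDOW_SECONDS = 15 * 60  # 15-minute time period

# Constructed sample LDIF, shaped like an export of the policy entry.
SAMPLE_LDIF = """\
dn: cn=default,ou=policies,dc=example,dc=mil
objectClass: pwdPolicy
pwdLockout: TRUE
pwdMaxFailure: 3
pwdFailureCountInterval: 900
"""

def parse_ldif_entry(text):
    """Return {lowercased attribute: [values]} for one LDIF entry (no base64 values)."""
    attrs, last = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and last:          # folded continuation line
            attrs[last][-1] += line[1:]
        elif ":" in line and not line.startswith("#"):
            name, _, value = line.partition(":")
            last = name.strip().lower()
            attrs.setdefault(last, []).append(value.strip())
    return attrs

def audit_lockout_policy(attrs):
    """Return a list of findings; an empty list means the policy meets the limit."""
    findings = []
    if attrs.get("pwdlockout", ["FALSE"])[0].upper() != "TRUE":
        findings.append("pwdLockout is not TRUE: lockout is not enforced")
    max_fail = int(attrs.get("pwdmaxfailure", ["0"])[0])
    if not 1 <= max_fail <= MAX_FAILURES:
        findings.append(f"pwdMaxFailure={max_fail}: must be 1..{MAX_FAILURES} (0 = no limit)")
    interval = int(attrs.get("pwdfailurecountinterval", ["0"])[0])
    # 0 or absent: failures are only cleared by a successful bind (stricter than
    # required). 1..899: failures are purged before the 15-minute window ends.
    if 0 < interval < WINDOW_SECONDS:
        findings.append(f"pwdFailureCountInterval={interval}s: shorter than {WINDOW_SECONDS}s")
    return findings

if __name__ == "__main__":
    for finding in audit_lockout_policy(parse_ldif_entry(SAMPLE_LDIF)) or ["no findings"]:
        print(finding)
```

Treating pwdMaxFailure values below three and a counter that never expires as compliant is an interpretation (both are stricter than the stated limit); tighten the comparisons if local policy requires the exact values.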

Documentable

False

Severity Override Guidance

Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings.

Verify the Authentication Method is set to LDAP.

Review LDAP server settings and verify the LDAP configuration limits three consecutive invalid logon attempts by a user during a 15-minute time period.

If MQ is not set to LDAP authentication or if LDAP is not configured to meet the requirement, this is a finding.

Check Content Reference

M

Target Key

3243
