STIGQter STIGQter: STIG Summary: IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017: The MQ Appliance network device must terminate shared/group account credentials when members leave the group.

DISA Rule

SV-89663r1_rule

Vulnerability Number

V-74989

Group Title

SRG-APP-000317-NDM-000282

Rule Version

MQMH-ND-000910

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Log on to the MQ appliance WebGUI as an admin user. Click Administration (gear icon) >> Access. Select User Account and User Group options.

Configure no local accounts other than the Fallback user emergency account.

Change the local Fallback user account password whenever MQ admin team members leave the group or no longer require access.

Check Contents

Log on to the MQ appliance WebGUI as an admin user. Click Administration (gear icon) >> Access. Select User Account and User Group options.

Review user names that are displayed.

Local user accounts should not be shared. The only exception is the local "Fallback" user account of last resort, which is used for emergency access.

Verify that no user accounts other than the designated Fallback user emergency account exist or are shared.

Verify the local Fallback user password is changed whenever MQ administrators leave the team and no longer have a need to access the MQ device.

If any user accounts other than the Fallback user exist or are shared, or if the local Fallback user password is not changed when MQ admins leave the team/group, this is a finding.

Vulnerability Number

V-74989

Documentable

False

Rule Version

MQMH-ND-000910

Severity Override Guidance

Log on to the MQ appliance WebGUI as an admin user. Click Administration (gear icon) >> Access. Select User Account and User Group options.

Review user names that are displayed.

Local user accounts should not be shared. The only exception is the local "Fallback" user account of last resort, which is used for emergency access.

Verify that no user accounts other than the designated Fallback user emergency account exist or are shared.

Verify the local Fallback user password is changed whenever MQ administrators leave the team and no longer have a need to access the MQ device.

If any user accounts other than the Fallback user exist or are shared, or if the local Fallback user password is not changed when MQ admins leave the team/group, this is a finding.

Check Content Reference

M

Target Key

3243

Comments