STIGQter STIGQter: STIG Summary: IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017:

Applications used for nonlocal maintenance sessions using the MQ Appliance WebGUI must implement cryptographic mechanisms to protect the confidentiality and integrity of nonlocal maintenance and diagnostic communications.

DISA Rule

SV-89681r1_rule

Vulnerability Number

V-75007

Group Title

SRG-APP-000411-NDM-000330

Rule Version

MQMH-ND-001260

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Log on to the MQ Appliance CLI as a privileged user.

Display the SSL Server Profile associated with the WebGUI (CLI). Enter:
co
show web-mgmt

[Note the name of the ssl-server.]

Define the cache parameters of the SSL Server (CLI). Enter:
co
crypto
ssl-server <ssl-server name>
protocols TLSv1d2
exit
exit
write mem
y

Check Contents

Log on to the MQ Appliance CLI as a privileged user.

Display the SSL Server Profile associated with the WebGUI (CLI). Enter:
co
show web-mgmt

Verify the following:
An ssl-server is associated with the WebGUI.
[Note the name of the ssl-server.]

List parameters of the SSL Server (CLI). Enter:
co
crypto
ssl-server <ssl-server name>
show

Verify the following:
protocols TLSv1d2

If TLS protocol is not configured for use with the ssl-server, this is a finding.

Vulnerability Number

V-75007

Documentable

False

Rule Version

MQMH-ND-001260

Severity Override Guidance

Log on to the MQ Appliance CLI as a privileged user.

Display the SSL Server Profile associated with the WebGUI (CLI). Enter:
co
show web-mgmt

Verify the following:
An ssl-server is associated with the WebGUI.
[Note the name of the ssl-server.]

List parameters of the SSL Server (CLI). Enter:
co
crypto
ssl-server <ssl-server name>
show

Verify the following:
protocols TLSv1d2

If TLS protocol is not configured for use with the ssl-server, this is a finding.

Check Content Reference

M

Target Key

3243

Comments