STIGQter: STIG Summary: zOS WebsphereMQ for TSS STIG Version: 6 Release: 2 Benchmark Date: 24 Jul 2020:

User timeout parameter values for WebSphere MQ queue managers are not specified in accordance with security requirements.

DISA Rule

SV-3903r3_rule

Vulnerability Number

V-3903

Group Title

ZWMQ0020

Rule Version

ZWMQ0020

Severity

CAT II

CCI(s)

• CCI-001133 - The information system terminates the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity.

Weight

10

Fix Recommendation

Review the WebSphere MQ System Setup Guide and the information on the ALTER SECURITY command in the WebSphere MQ Script (MQSC) Command Reference.

Ensure the values for the TIMEOUT and INTERVAL parameters are specified in accordance with security requirements.

Check Contents

a) Refer to the following report produced by the z/OS Data Collection:

- MQSRPT(ssid)

NOTE: ssid is the queue manager name (a.k.a., subsystem identifier).

Automated Analysis
Refer to the following report produced by the z/OS Data Collection:

- PDI(ZWMQ0020)

b) Review the ssid report(s) and perform the following steps:

1) Find the DISPLAY SECURITY command to locate the start of the security parameter settings.
2) Review the CSQH015I and CSQH016I messages to determine the Timeout and Interval parameter settings respectively.
3) Repeat these steps for each queue manager ssid.

The standard values are:

TIMEOUT(15)
INTERVAL(5)

c) If the Timeout and Interval values conform to the standard values, there is NO FINDING.

d) If the Timeout and/or Interval values do not conform to the standard values, this is a FINDING.

Vulnerability Number

V-3903

Documentable

False

Rule Version

ZWMQ0020

Severity Override Guidance

a) Refer to the following report produced by the z/OS Data Collection:

- MQSRPT(ssid)

NOTE: ssid is the queue manager name (a.k.a., subsystem identifier).

Automated Analysis
Refer to the following report produced by the z/OS Data Collection:

- PDI(ZWMQ0020)

b) Review the ssid report(s) and perform the following steps:

1) Find the DISPLAY SECURITY command to locate the start of the security parameter settings.
2) Review the CSQH015I and CSQH016I messages to determine the Timeout and Interval parameter settings respectively.
3) Repeat these steps for each queue manager ssid.

The standard values are:

TIMEOUT(15)
INTERVAL(5)

c) If the Timeout and Interval values conform to the standard values, there is NO FINDING.

d) If the Timeout and/or Interval values do not conform to the standard values, this is a FINDING.

Check Content Reference

M

Responsibility

Systems Programmer

Target Key

3363

Comments