STIGQter STIGQter: STIG Summary: zOS WebsphereMQ for ACF2 STIG Version: 6 Release: 2 Benchmark Date: 24 Jul 2020:

WebSphere MQ resource classes are not properly activated.

DISA Rule

SV-7260r3_rule

Vulnerability Number

V-6959

Group Title

ZWMQ0049

Rule Version

ZWMQ0049

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The IAO will ensure that all WebSphere MQ resources are active and properly defined.

Ensure the System Authorization Facility Definition (SAFDEF) include an entry for WebSphere MQ as follows:

INSERT SAFDEF.MQS ID(MQS) FUNCRET(8) RETCODE(4) MODE(IGNORE)
RACROUTE(REQUEST=EXTRACT,CLASS=MQADMIN) REP

Ensure the Internal CLASMAP Definitions include the following entries:

INSERT CLASMAP.MQADMIN RESOURCE(MQADMIN) RSRCTYPE(MQA) ENTITYLN(62)
INSERT CLASMAP.MQQUEUE RESOURCE(MQQUEUE) RSRCTYPE(MQQ) ENTITYLN(53)
INSERT CLASMAP.MQNLIST RESOURCE(MQNLIST) RSRCTYPE(MQN) ENTITYLN(53)
INSERT CLASMAP.MQCMDS RESOURCE(MQCMDS) RSRCTYPE(MQC) ENTITYLN(22)
INSERT CLASMAP.MQCONN RESOURCE(MQCONN) RSRCTYPE(MQK) ENTITYLN(10)
INSERT CLASMAP.MQPROC RESOURCE(MQPROC) RSRCTYPE(MQP) ENTITYLN(53)

For V7.0.0 and above:

INSERT CLASMAP.MXADMIN RESOURCE(MXADMIN) RSRCTYPE(MXA) ENTITYLN(62)
INSERT CLASMAP.MXNLIST RESOURCE(MXNLIST) RSRCTYPE(MXN) ENTITYLN(53)
INSERT CLASMAP.MXPROC RESOURCE(MXPROC) RSRCTYPE(MXP) ENTITYLN(53)
INSERT CLASMAP.MXQUEUE RESOURCE(MXQUEUE) RSRCTYPE(MXQ) ENTITYLN(53)
INSERT CLASMAP.MXTOPIC RESOURCE(MXTOPIC) RSRCTYPE(MXT) ENTITYLN(246)

Check Contents

Refer to the following report produced by the ACF2 Data Collection:

- ACF2CMDS.RPT(ACFGSO)

Ensure the System Authorization Facility Definition (SAFDEF) include an entry for WebSphere MQ as follows:

INSERT SAFDEF.MQS ID(MQS) FUNCRET(8) RETCODE(4) MODE(IGNORE)
RACROUTE(REQUEST=EXTRACT,CLASS=MQADMIN) REP

Ensure the Internal CLASMAP Definitions include the following entries:

INSERT CLASMAP.MQADMIN RESOURCE(MQADMIN) RSRCTYPE(MQA) ENTITYLN(62)
INSERT CLASMAP.MQCMDS RESOURCE(MQCMDS) RSRCTYPE(MQC) ENTITYLN(22)
INSERT CLASMAP.MQCONN RESOURCE(MQCONN) RSRCTYPE(MQK) ENTITYLN(10)
INSERT CLASMAP.MQNLIST RESOURCE(MQNLIST) RSRCTYPE(MQN) ENTITYLN(53)
INSERT CLASMAP.MQPROC RESOURCE(MQPROC) RSRCTYPE(MQP) ENTITYLN(53)
INSERT CLASMAP.MQQUEUE RESOURCE(MQQUEUE) RSRCTYPE(MQQ) ENTITYLN(53)

For V7.0.0 and above:

INSERT CLASMAP.MXADMIN RESOURCE(MXADMIN) RSRCTYPE(MXA) ENTITYLN(62)
INSERT CLASMAP.MXNLIST RESOURCE(MXNLIST) RSRCTYPE(MXN) ENTITYLN(53)
INSERT CLASMAP.MXPROC RESOURCE(MXPROC) RSRCTYPE(MXP) ENTITYLN(53)
INSERT CLASMAP.MXQUEUE RESOURCE(MXQUEUE) RSRCTYPE(MXQ) ENTITYLN(53)
INSERT CLASMAP.MXTOPIC RESOURCE(MXTOPIC) RSRCTYPE(MXT) ENTITYLN(246)

Vulnerability Number

V-6959

Documentable

False

Rule Version

ZWMQ0049

Severity Override Guidance

Refer to the following report produced by the ACF2 Data Collection:

- ACF2CMDS.RPT(ACFGSO)

Ensure the System Authorization Facility Definition (SAFDEF) include an entry for WebSphere MQ as follows:

INSERT SAFDEF.MQS ID(MQS) FUNCRET(8) RETCODE(4) MODE(IGNORE)
RACROUTE(REQUEST=EXTRACT,CLASS=MQADMIN) REP

Ensure the Internal CLASMAP Definitions include the following entries:

INSERT CLASMAP.MQADMIN RESOURCE(MQADMIN) RSRCTYPE(MQA) ENTITYLN(62)
INSERT CLASMAP.MQCMDS RESOURCE(MQCMDS) RSRCTYPE(MQC) ENTITYLN(22)
INSERT CLASMAP.MQCONN RESOURCE(MQCONN) RSRCTYPE(MQK) ENTITYLN(10)
INSERT CLASMAP.MQNLIST RESOURCE(MQNLIST) RSRCTYPE(MQN) ENTITYLN(53)
INSERT CLASMAP.MQPROC RESOURCE(MQPROC) RSRCTYPE(MQP) ENTITYLN(53)
INSERT CLASMAP.MQQUEUE RESOURCE(MQQUEUE) RSRCTYPE(MQQ) ENTITYLN(53)

For V7.0.0 and above:

INSERT CLASMAP.MXADMIN RESOURCE(MXADMIN) RSRCTYPE(MXA) ENTITYLN(62)
INSERT CLASMAP.MXNLIST RESOURCE(MXNLIST) RSRCTYPE(MXN) ENTITYLN(53)
INSERT CLASMAP.MXPROC RESOURCE(MXPROC) RSRCTYPE(MXP) ENTITYLN(53)
INSERT CLASMAP.MXQUEUE RESOURCE(MXQUEUE) RSRCTYPE(MXQ) ENTITYLN(53)
INSERT CLASMAP.MXTOPIC RESOURCE(MXTOPIC) RSRCTYPE(MXT) ENTITYLN(246)

Check Content Reference

M

Target Key

3595

Comments