STIGQter: STIG Summary: IBM DB2 V10.5 LUW Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 25 Oct 2019:

DB2 must maintain the confidentiality and integrity of information during reception.

DISA Rule

SV-89281r2_rule

Vulnerability Number

V-74607

Group Title

SRG-APP-000442-DB-000379

Rule Version

DB2X-00-009200

Severity

CAT II

CCI(s)

• CCI-002422 - The information system maintains the confidentiality and/or integrity of information during reception.

Weight

10

Fix Recommendation

Run the following DB2 command to set the value of ssl_versions to approved TLS or SSL version:

$db2 update dbm cfg using SSL_VERSIONS <SSL Version>

Run the following command to set the value of db2comm parameter to SSL:

$db2set db2comm=ssl

Restart the database manager.

Note: Details on key database creation and setting up SSL environment are in the following links

Select the following knowledgebase link for more information regarding configuring SSL support:
http://www.ibm.com/support/knowledgecenter/SSEPGG_10.5.0/com.ibm.db2.luw.admin.sec.doc/doc/t0025241.html?lang=en

Select the following knowledgebase link for more information regarding SSL_versions:
http://www.ibm.com/support/knowledgecenter/SSEPGG_10.5.0/com.ibm.db2.luw.admin.config.doc/doc/r0053616.html?cp=SSEPGG_10.5.0%2F2-4-4-8-88&lang=en

Select the following knowledgebase link for setting communication protocol:
http://www.ibm.com/support/knowledgecenter/SSEPGG_10.5.0/com.ibm.db2.luw.qb.server.doc/doc/t0004714.html?cp=SSEPGG_10.5.0&lang=en

Check Contents

The DB2 database system supports the use of Transport Layer Security (TLS) to enable a client to authenticate a server and to provide private communication between the client and server by use of encryption.

Run the following command to find out what versions of TLS are supported by the server:

$db2 get dbm cfg

If the value of the ssl_versions parameter is not set to "TLSV1" or "TLSV12" this is a finding.

Check the value of the DB2COMM parameter using the following command:

$db2set –all

If the value of DB2COMM is not set to "SSL", this is a finding.

Note: When this topic mentions SSL, the same information applies to TLS, unless otherwise noted.

Vulnerability Number

V-74607

Documentable

False

Rule Version

DB2X-00-009200

Severity Override Guidance

The DB2 database system supports the use of Transport Layer Security (TLS) to enable a client to authenticate a server and to provide private communication between the client and server by use of encryption.

Run the following command to find out what versions of TLS are supported by the server:

$db2 get dbm cfg

If the value of the ssl_versions parameter is not set to "TLSV1" or "TLSV12" this is a finding.

Check the value of the DB2COMM parameter using the following command:

$db2set –all

If the value of DB2COMM is not set to "SSL", this is a finding.

Note: When this topic mentions SSL, the same information applies to TLS, unless otherwise noted.

Check Content Reference

M

Target Key

3161

Comments