STIGQter: STIG Summary: IBM MQ Appliance V9.0 AS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017:

The MQ Appliance messaging server must use encryption strength in accordance with the categorization of the management data during remote access management sessions.

DISA Rule

SV-89523r1_rule

Vulnerability Number

V-74849

Group Title

SRG-APP-000014-AS-000009

Rule Version

MQMH-AS-001320

Severity

CAT II

CCI(s)

CCI-000068 - The information system implements cryptographic mechanisms to protect the confidentiality of remote access sessions.

Weight

Fix Recommendation

To set management access to the highest encryption strength, enable FIPS 140-2 Level 1 mode at the next reload of the firmware.
Enter the following commands:
config
crypto
crypto-mode-set fips-140-2-l1
Press "Enter"

The following message will appear:
"Crypto Mode Successfully set to fips-140-2-l1 for next boot."

Check Contents

To access the MQ Appliance CLI, enter:
mqcli

config
crypto
show crypto-mode

If the current setting is set to "permissive", this is a finding.

Vulnerability Number

V-74849

Documentable

False

Rule Version

MQMH-AS-001320

Severity Override Guidance

To access the MQ Appliance CLI, enter:
mqcli

config
crypto
show crypto-mode

If the current setting is set to "permissive", this is a finding.

Check Content Reference

Target Key

3239

The MQ Appliance messaging server must use encryption strength in accordance with the categorization of the management data during remote access management sessions.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments