STIGQter: STIG Summary: IBM MQ Appliance V9.0 AS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017:

The MQ Appliance messaging server must employ approved cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission.

DISA Rule

SV-89533r1_rule

Vulnerability Number

V-74859

Group Title

SRG-APP-000440-AS-000167

Rule Version

MQMH-AS-001250

Severity

CAT II

CCI(s)

CCI-002421 - The information system implements cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by organization-defined alternative physical safeguards.

Weight

Fix Recommendation

To access the MQ Appliance CLI, for each queue manager, enter:

mqcli

runmqsc [queue manager name]
ALTER QMGR SSLFIPS(YES)
end

Check Contents

To access the MQ Appliance CLI, enter:
mqcli

To identify the queue managers, enter:
dspmq

For each queue manager identified, run the command:
runmqsc [queue name]

DIS QMGR SSLFIPS

If the value of "SSLFIPS" is set to "NO", this is a finding.

The MQ Appliance messaging server must employ approved cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments