STIGQter: STIG Summary: IBM MQ Appliance V9.0 AS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017

The MQ Appliance messaging server must use an enterprise user management system to uniquely identify and authenticate users (or processes acting on behalf of organizational users).

DISA Rule

SV-89579r1_rule

Vulnerability Number

V-74905

Group Title

SRG-APP-000148-AS-000101

Rule Version

MQMH-AS-001090

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Specify LDAP as the authentication method for each queue manager.

To access the MQ Appliance CLI, enter:
mqcli

runmqsc [queue manager name]

DEFINE AUTHINFO(USE.LDAP) +
AUTHTYPE(CRLLDAP) +
CONNAME('[host name1(port)],[host name1(port)]')

ALTER QMGR CONNAUTH('USE.LDAP')
REFRESH SECURITY TYPE(CONNAUTH)

Enter "end" to exit runmqsc mode.

Check Contents

To access the MQ Appliance CLI, enter:
mqcli

To identify the queue managers, enter:
dspmq

For each queue manager identified, run the command:
runmqsc [queue manager name]

DIS AUTHINFO(USE.LDAP)

Verify that "AUTHINFO(USE.LDAP)" is displayed under authentication information details.

If "IBM MQ Appliance object USE.LDAP not found" is displayed, this is a finding.
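
The check above, applied to saved command output across all queue managers, as an added example (not part of the STIG or of IBM's tooling). It assumes the `dspmq` and `DIS AUTHINFO(USE.LDAP)` output was captured as text; the sample output and the function names are constructed for illustration.

```python
import re

# Constructed sample: `dspmq` output listing two queue managers.
SAMPLE_DSPMQ = """\
QMNAME(QM1)                                  STATUS(Running)
QMNAME(QM2)                                  STATUS(Running)
"""

# Constructed sample: captured `DIS AUTHINFO(USE.LDAP)` output per queue manager.
SAMPLE_DISPLAY = {
    "QM1": "     1 : DIS AUTHINFO(USE.LDAP)\n"
           "Display authentication information details.\n"
           "   AUTHINFO(USE.LDAP)                AUTHTYPE(CRLLDAP)\n",
    "QM2": "IBM MQ Appliance object USE.LDAP not found.\n",
}

ATTR = re.compile(r"([A-Z]+)\(([^)]*)\)")   # MQSC KEYWORD(value) pairs
ECHO = re.compile(r"\s*\d+\s*:")            # runmqsc echo of the typed command
NOT_FOUND = "object USE.LDAP not found"     # message quoted in the check text


def queue_managers(dspmq_output):
    """Return queue manager names from the QMNAME(...) fields of dspmq output."""
    return [v for k, v in ATTR.findall(dspmq_output) if k == "QMNAME"]


def evaluate(display_output):
    """Apply the check to one queue manager's DIS AUTHINFO(USE.LDAP) output."""
    if display_output is None:
        return "not reviewed"               # nothing captured for this queue manager
    # Drop echoed commands so the typed command cannot satisfy the check.
    lines = [l for l in display_output.splitlines() if not ECHO.match(l)]
    text = "\n".join(lines)
    if NOT_FOUND in text:
        return "finding"
    if dict(ATTR.findall(text)).get("AUTHINFO") == "USE.LDAP":
        return "not a finding"
    return "not reviewed"                   # output matches neither check condition


def review(dspmq_output, display_by_qmgr):
    """Map every queue manager listed by dspmq to its check result."""
    return {qm: evaluate(display_by_qmgr.get(qm))
            for qm in queue_managers(dspmq_output)}


if __name__ == "__main__":
    for qm, result in review(SAMPLE_DSPMQ, SAMPLE_DISPLAY).items():
        print(f"{qm}: {result}")
```

A queue manager that `dspmq` lists but for which no output was captured is reported as "not reviewed" rather than passed.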

Documentable

False

Check Content Reference

M

Target Key

3239