STIGQter: STIG Summary: IBM MQ Appliance V9.0 AS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017:

The MQ Appliance messaging server must utilize FIPS 140-2 approved encryption modules when authenticating users and processes.

DISA Rule

SV-89593r1_rule

Vulnerability Number

V-74919

Group Title

SRG-APP-000179-AS-000129

Rule Version

MQMH-AS-001200

Severity

CAT II

CCI(s)

• CCI-000803 - The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.

Weight

10

Fix Recommendation

To access the MQ Appliance CLI, for each queue manager, enter:

mqcli

runmqsc [queue manager name]
ALTER QMGR SSLFIPS(YES)
end

Check Contents

To access the MQ Appliance CLI, enter:
mqcli

To identify the queue managers, enter:
dspmq

For each queue manager identified, run the command:
runmqsc [queue name]

DIS QMGR SSLFIPS

If the value of "SSLFIPS" is set to "NO", this is a finding.

Vulnerability Number

V-74919

Documentable

False

Rule Version

MQMH-AS-001200

Severity Override Guidance

To access the MQ Appliance CLI, enter:
mqcli

To identify the queue managers, enter:
dspmq

For each queue manager identified, run the command:
runmqsc [queue name]

DIS QMGR SSLFIPS

If the value of "SSLFIPS" is set to "NO", this is a finding.

Check Content Reference

M

Target Key

3239

Comments