STIGQter: STIG Summary: IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 05 Jun 2017

The MQ Appliance network device must notify the administrator of changes to access and/or privilege parameters of the administrator account that occurred since the last logon.

DISA Rule

SV-89607r1_rule

Vulnerability Number

V-74933

Group Title

SRG-APP-000079-NDM-000219

Rule Version

MQMH-ND-000200

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Log on to the MQ Appliance CLI as a privileged user.

Configure a syslog target by using the command line interface (CLI).

To enter global configuration mode, enter "config".

To create a syslog target, enter:
logging target <logging target name>
type syslog
admin-state enabled
local-address <MQ Appliance IP>
remote-address <syslog server IP>
remote-port <syslog server port>
event audit info
event auth notice
event mgmt notice
event cli notice
event user notice
event system error
exit
write mem
y

Check Contents

Log on to the MQ Appliance CLI as a privileged user.

Enter:
co
show logging target

All configured logging targets will be displayed. Verify:
- This list includes a remote syslog notification target; and
- It includes all of the following log event source and log-level parameters:
event audit info
event auth notice
event mgmt notice
event cli notice
event user notice
event system error

In the WebGUI, Administration (gear icon) >> Access >> User Account, add a user.

Verify the administrator receives notification of this event.

If the event notifications are not configured, this is a finding.
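
An offline version of the check above, added here as an example and not part of the STIG or of IBM tooling. It assumes the logging target configuration has been captured as text in the same "logging target ... exit" form the Fix uses, and reports a finding unless one enabled syslog target with a remote address carries all six event subscriptions. The target names and addresses in the sample are constructed.

```python
import re

# Event subscriptions listed in this rule's Fix and Check text.
REQUIRED = {("audit", "info"), ("auth", "notice"), ("mgmt", "notice"),
            ("cli", "notice"), ("user", "notice"), ("system", "error")}

def parse_targets(text):
    """Map each 'logging target <name>' block to its settings and events."""
    targets, cur = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = re.fullmatch(r'logging target\s+"?([^"\s]+)"?', line)
        if m:
            cur = targets.setdefault(m.group(1), {"events": set()})
        elif cur is None or not line:
            continue  # text outside a target block (e.g. "config", "write mem")
        elif line == "exit":
            cur = None
        elif line.startswith("event ") and len(line.split()) == 3:
            cur["events"].add(tuple(line.split()[1:]))
        else:
            key, _, value = line.partition(" ")
            cur[key] = value.strip()
    return targets

def audit(text):
    """Return {target name: [problems]}; an empty list means the target passes."""
    report = {}
    for name, t in parse_targets(text).items():
        want = {"type": "syslog", "admin-state": "enabled"}
        issues = [f"{k} is not {v}" for k, v in want.items() if t.get(k) != v]
        if not t.get("remote-address"):
            issues.append("no remote-address")
        issues += [f"missing: event {s} {l}" for s, l in sorted(REQUIRED - t["events"])]
        report[name] = issues
    return report

def is_finding(text):
    """Finding unless a single target meets every condition by itself."""
    return not any(not issues for issues in audit(text).values())

# Constructed sample: "siem" lacks one event; "spare" has it but is disabled.
SAMPLE = "\n".join([
    "logging target siem", " type syslog", " admin-state enabled",
    " remote-address 192.0.2.50", " event audit info", " event auth notice",
    " event mgmt notice", " event cli notice", " event system error", "exit",
    "logging target spare", " type syslog", " admin-state disabled",
    " event user notice", "exit"])
```

Required events spread across several targets still count as a finding here, because no single notification target would deliver the full set.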

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3243

Comments