STIGQter: STIG Summary: IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017:

In the event the authentication server is unavailable, the MQ Appliance must provide one local account created for emergency administration use.

DISA Rule

SV-89617r1_rule

Vulnerability Number

V-74943

Group Title

SRG-APP-000148-NDM-000346

Rule Version

MQMH-ND-000490

Severity

CAT II

CCI(s)

• CCI-001358 - The organization establishes privileged user accounts in accordance with a role-based access scheme that organizes allowed information system access and privileges into roles.
• CCI-002111 - The organization identifies and selects the organization-defined information system account types of information system accounts which support organizational missions/business functions.

Weight

10

Fix Recommendation

Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings.

Set Authentication Method to LDAP.

Configure one Fallback user.

Configure the LDAP connection as required.

Check Contents

Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings.

Verify the Authentication Method is set to LDAP.

Verify at least one Fallback user is configured.

If MQ authentication is not set to LDAP and if the Fallback user is not created, this is a finding.

Vulnerability Number

V-74943

Documentable

False

Rule Version

MQMH-ND-000490

Severity Override Guidance

Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings.

Verify the Authentication Method is set to LDAP.

Verify at least one Fallback user is configured.

If MQ authentication is not set to LDAP and if the Fallback user is not created, this is a finding.

Check Content Reference

M

Target Key

3243

Comments