STIGQter: STIG Summary: IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017: The MQ Appliance network device must prohibit password reuse for a minimum of five generations.

DISA Rule

SV-89625r1_rule

Vulnerability Number

V-74951

Group Title

SRG-APP-000165-NDM-000253

Rule Version

MQMH-ND-000570

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings.

Set Authentication Method to LDAP.

Configure LDAP server connection as required.

Expand Password Policy.

In Password Policy, check the Control Reuse check box and set reuse history to a minimum of "5".

Check Contents

Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings.

Verify the Authentication Method is set to LDAP.

Expand Password Policy.

Verify the (local) MQ Password Policy Reuse History is set to a minimum of "5".

If MQ is not set to LDAP authentication or if the local password policy is not configured to meet the requirement, this is a finding.

Vulnerability Number

V-74951

Documentable

False

Rule Version

MQMH-ND-000570

Mitigations

MQMH-ND-000570

Severity Override Guidance

Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings.

Verify the Authentication Method is set to LDAP.

Expand Password Policy.

Verify the (local) MQ Password Policy Reuse History is set to a minimum of "5".

If MQ is not set to LDAP authentication or if the local password policy is not configured to meet the requirement, this is a finding.

Check Content Reference

M

Mitigation Control

In the MQ Appliance WebGUI, go to Administration >> Access >> RBM Settings.

Target Key

3243
