STIGQter: STIG Summary: IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017:

Authorization for access to the MQ Appliance network device must enforce a 60-day maximum password lifetime restriction.

DISA Rule

SV-89635r1_rule

Vulnerability Number

V-74961

Group Title

SRG-APP-000174-NDM-000261

Rule Version

MQMH-ND-000660

Severity

CAT II

CCI(s)

• CCI-000199 - The information system enforces maximum password lifetime restrictions.

Weight

10

Fix Recommendation

Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings.

Set Authentication Method to LDAP.

Configure LDAP connection as required.

Expand Password Policy.

Check the "Enable Aging" check box.

Check Contents

Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings.

Verify the Authentication Method is set to LDAP.

Expand Password Policy.

Verify the (local) Password Policy Enable Aging check box is selected.

If MQ is not set to LDAP authentication or if the local password policy is not configured to meet the requirement, this is a finding.

Vulnerability Number

V-74961

Documentable

False

Rule Version

MQMH-ND-000660

Severity Override Guidance

Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings.

Verify the Authentication Method is set to LDAP.

Expand Password Policy.

Verify the (local) Password Policy Enable Aging check box is selected.

If MQ is not set to LDAP authentication or if the local password policy is not configured to meet the requirement, this is a finding.

Check Content Reference

M

Target Key

3243

Comments