STIGQter: STIG Summary: IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017:

The MQ Appliance network device must generate unique session identifiers using a FIPS 140-2 approved random number generator.

DISA Rule

SV-89655r1_rule

Vulnerability Number

V-74981

Group Title

SRG-APP-000224-NDM-000270

Rule Version

MQMH-ND-000790

Severity

CAT II

CCI(s)

CCI-001188 - The information system generates unique session identifiers for each session with organization-defined randomness requirements.

Weight

Fix Recommendation

Log on to the MQ Appliance CLI as a privileged user. Enable FIPS 140-2 Level 1 mode at the next reload of the firmware.

Enter:
config
crypto
crypto-mode-set fips-140-2-l1

The following message will appear:
"Crypto Mode Successfully set to fips-140-2-l1 for next boot."

Reboot MQ appliance.

Check Contents

Log on to the MQ Appliance CLI as a privileged user.

Enter:
config
crypto
show crypto-mode

If the result is not fips-140-2-l1, this is a finding.

Vulnerability Number

V-74981

Documentable

False

Rule Version

MQMH-ND-000790

Severity Override Guidance

Log on to the MQ Appliance CLI as a privileged user.

Enter:
config
crypto
show crypto-mode

If the result is not fips-140-2-l1, this is a finding.

Check Content Reference

Target Key

3243

The MQ Appliance network device must generate unique session identifiers using a FIPS 140-2 approved random number generator.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments