STIG Summary: IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 05 Jun 2017

The MQ Appliance network device must terminate shared/group account credentials when members leave the group.

DISA Rule

SV-89663r1_rule

Vulnerability Number

V-74989

Group Title

SRG-APP-000317-NDM-000282

Rule Version

MQMH-ND-000910

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Log on to the MQ appliance WebGUI as an admin user. Click Administration (gear icon) >> Access. Select User Account and User Group options.

Do not configure any local accounts other than the Fallback user emergency account.

Change the local Fallback user account password whenever MQ admin team members leave the group or no longer require access.

Check Contents

Log on to the MQ appliance WebGUI as an admin user. Click Administration (gear icon) >> Access. Select User Account and User Group options.

Review user names that are displayed.

Local user accounts should not be shared. The only exception is the local "Fallback" user account of last resort, which is used for emergency access.

Verify that no user accounts other than the designated Fallback user emergency account exist or are shared.

Verify the local Fallback user password is changed whenever MQ administrators leave the team and no longer have a need to access the MQ device.

If any user accounts other than the Fallback user exist or are shared, or if the local Fallback user password is not changed when MQ admins leave the team/group, this is a finding.
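The finding conditions above can be tracked between manual reviews with a small script. This is an added example, not part of the STIG or any IBM tooling; it assumes the account names are transcribed by hand from the WebGUI list and that the team keeps its own record of departure dates and of the last Fallback password change. All names and dates are constructed.

```python
from datetime import date


def audit_local_accounts(local_users, fallback_user, fallback_pw_changed, departures):
    """Return a list of finding strings; an empty list means no finding.

    local_users         -- names transcribed from the WebGUI User Account list
    fallback_user       -- name of the designated Fallback emergency account
    fallback_pw_changed -- date the Fallback password was last changed
    departures          -- {admin name: date they left the MQ admin team}
    """
    findings = []
    names = {u.strip().lower() for u in local_users}
    fallback = fallback_user.strip().lower()

    # Condition 1: any local account other than the Fallback user is a finding.
    for extra in sorted(names - {fallback}):
        findings.append(f"local account other than Fallback exists: {extra}")

    # Condition 2: the Fallback password must have been changed on or after
    # every departure. Day granularity is an assumption of this example.
    for admin, left in sorted(departures.items(), key=lambda kv: kv[1]):
        if fallback_pw_changed < left:
            findings.append(
                f"Fallback password last changed {fallback_pw_changed}, "
                f"before {admin} left on {left}"
            )
    return findings


# Constructed sample data (hypothetical account and staff names).
SAMPLE_USERS = ["fallback-admin", "mqops"]
SAMPLE_DEPARTURES = {
    "a.rivera": date(2024, 3, 1),
    "j.chen": date(2024, 6, 14),
}
SAMPLE_PW_CHANGED = date(2024, 4, 2)

if __name__ == "__main__":
    for finding in audit_local_accounts(
        SAMPLE_USERS, "fallback-admin", SAMPLE_PW_CHANGED, SAMPLE_DEPARTURES
    ):
        print("FINDING:", finding)
```
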

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3243
