STIGQter: STIG Summary: IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017:

Administrative accounts for device management must be configured on the authentication server and not the MQ Appliance network device itself (except for the emergency administration account).

DISA Rule

SV-89691r1_rule

Vulnerability Number

V-75017

Group Title

SRG-APP-000516-NDM-000336

Rule Version

MQMH-ND-001450

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-000370 - The organization employs automated mechanisms to centrally manage configuration settings for organization-defined information system components.

Weight

10

Fix Recommendation

Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings.

Set Authentication Method to LDAP.

Configure LDAP server connection requirements as required.

Specify one privileged Fallback user.

Remove unauthorized Fallback users or admin accounts.

Check Contents

Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings.

Verify the Authentication Method is set to LDAP.

Verify only one Fallback user is specified.

If administrative accounts other than the Fallback user are on the local MQ appliance, this is a finding.

Vulnerability Number

V-75017

Documentable

False

Rule Version

MQMH-ND-001450

Severity Override Guidance

Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings.

Verify the Authentication Method is set to LDAP.

Verify only one Fallback user is specified.

If administrative accounts other than the Fallback user are on the local MQ appliance, this is a finding.

Check Content Reference

M

Target Key

3243

Comments