STIGQter: STIG Summary: IBM MQ Appliance V9.0 AS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017:

The MQ Appliance messaging server must only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected (messaging) sessions.

DISA Rule

SV-89703r1_rule

Vulnerability Number

V-75029

Group Title

SRG-APP-000427-AS-000264

Rule Version

MQMH-AS-000790

Severity

CAT II

CCI(s)

• CCI-002470 - The information system only allows the use of organization-defined certificate authorities for verification of the establishment of protected sessions.

Weight

10

Fix Recommendation

Install certificates that have been issued by a DoD CA.

Check Contents

From the MQ Appliance WebGUI, click on the Administration (gear) icon.

Click on Main >> File Management.

Click on the cert directory.

Click on the "Details" action to the right of each cert to display its attributes.

Verify that each certificate attribute meets organizationally approved requirements.

If any certificates have not been issued by a DoD- or CNSS-approved PKI CA, this is a finding.

Vulnerability Number

V-75029

Documentable

False

Rule Version

MQMH-AS-000790

Severity Override Guidance

From the MQ Appliance WebGUI, click on the Administration (gear) icon.

Click on Main >> File Management.

Click on the cert directory.

Click on the "Details" action to the right of each cert to display its attributes.

Verify that each certificate attribute meets organizationally approved requirements.

If any certificates have not been issued by a DoD- or CNSS-approved PKI CA, this is a finding.

Check Content Reference

M

Target Key

3239

Comments