IBM MQ Appliance V9.0 AS Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The MQ Appliance messaging server must automatically terminate a SSH user session after organization-defined conditions or trigger events requiring a session disconnect.
<VulnDiscussion>An attacker can take advantage of CLI user sessions that are left open, thus bypassing the user authentication process. To t...Rule Medium Severity -
SRG-APP-000295-AS-000263
<GroupDescription></GroupDescription>Group -
The MQ Appliance must automatically terminate a WebGUI user session after 600 seconds of idle time.
<VulnDiscussion>An attacker can take advantage of WebGUI user sessions that are left open, thus bypassing the user authentication process. T...Rule Medium Severity -
The MQ Appliance messaging server must install security-relevant software updates within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
<VulnDiscussion>Security flaws with software applications are discovered daily. Vendors are constantly updating and patching their products t...Rule Medium Severity -
SRG-APP-000514-AS-000137
<GroupDescription></GroupDescription>Group -
The MQ Appliance messaging server must use DoD- or CNSS-approved PKI Class 3 or Class 4 certificates.
<VulnDiscussion>Class 3 PKI certificates are used for servers and software signing rather than for identifying individuals. Class 4 certifica...Rule Medium Severity -
SRG-APP-000435-AS-000069
<GroupDescription></GroupDescription>Group -
The MQ Appliance messaging server, when categorized as a high level system, must be in a high-availability (HA) cluster.
<VulnDiscussion>A high level system is a system that handles data vital to the organization's operational readiness or effectiveness of deplo...Rule Medium Severity -
SRG-APP-000014-AS-000009
<GroupDescription></GroupDescription>Group -
The MQ Appliance messaging server must use encryption strength in accordance with the categorization of the management data during remote access management sessions.
<VulnDiscussion>Remote management access is accomplished by leveraging common communication protocols and establishing a remote connection to...Rule Medium Severity -
SRG-APP-000515-AS-000203
<GroupDescription></GroupDescription>Group -
The MQ Appliance messaging server must, at a minimum, transfer the logs of interconnected systems in real time, and transfer the logs of standalone systems weekly.
<VulnDiscussion>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Protecting log data is ...Rule Medium Severity -
The MQ Appliance messaging server must provide centralized management and configuration of the content to be captured in log records generated by all application components.
<VulnDiscussion>A clustered messaging server is made up of several servers working together to provide the user a failover and increased comp...Rule Medium Severity -
SRG-APP-000440-AS-000167
<GroupDescription></GroupDescription>Group -
The MQ Appliance messaging server must employ approved cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission.
<VulnDiscussion>Preventing the disclosure or modification of transmitted information requires that messaging servers take measures to employ ...Rule Medium Severity -
SRG-APP-000439-AS-000274
<GroupDescription></GroupDescription>Group -
The MQ Appliance messaging server must remove all export ciphers to protect the confidentiality and integrity of transmitted information.
<VulnDiscussion>During the initial setup of a Transport Layer Security (TLS) connection to the messaging server, the client sends a list of s...Rule Medium Severity -
SRG-APP-000439-AS-000155
<GroupDescription></GroupDescription>Group -
The MQ Appliance messaging server must protect the confidentiality and integrity of transmitted information through the use of an approved TLS version.
<VulnDiscussion>Preventing the disclosure of transmitted information requires that the messaging server take measures to employ some form of ...Rule Medium Severity -
SRG-APP-000095-AS-000056
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.