IBM MQ Appliance V9.0 AS Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The MQ Appliance messaging server must automatically terminate a SSH user session after organization-defined conditions or trigger events requiring a session disconnect.
<VulnDiscussion>An attacker can take advantage of CLI user sessions that are left open, thus bypassing the user authentication process. To t...Rule Medium Severity -
SRG-APP-000295-AS-000263
<GroupDescription></GroupDescription>Group -
The MQ Appliance must automatically terminate a WebGUI user session after 600 seconds of idle time.
<VulnDiscussion>An attacker can take advantage of WebGUI user sessions that are left open, thus bypassing the user authentication process. T...Rule Medium Severity -
The MQ Appliance messaging server must install security-relevant software updates within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
<VulnDiscussion>Security flaws with software applications are discovered daily. Vendors are constantly updating and patching their products t...Rule Medium Severity -
SRG-APP-000514-AS-000137
<GroupDescription></GroupDescription>Group -
The MQ Appliance messaging server must use DoD- or CNSS-approved PKI Class 3 or Class 4 certificates.
<VulnDiscussion>Class 3 PKI certificates are used for servers and software signing rather than for identifying individuals. Class 4 certifica...Rule Medium Severity -
SRG-APP-000435-AS-000069
<GroupDescription></GroupDescription>Group -
The MQ Appliance messaging server, when categorized as a high level system, must be in a high-availability (HA) cluster.
<VulnDiscussion>A high level system is a system that handles data vital to the organization's operational readiness or effectiveness of deplo...Rule Medium Severity -
SRG-APP-000014-AS-000009
<GroupDescription></GroupDescription>Group -
The MQ Appliance messaging server must use encryption strength in accordance with the categorization of the management data during remote access management sessions.
<VulnDiscussion>Remote management access is accomplished by leveraging common communication protocols and establishing a remote connection to...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.