IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
In the event the authentication server is unavailable, the MQ Appliance must provide one local account created for emergency administration use.
<VulnDiscussion>Authentication for administrative (privileged level) access to the MQ Appliance is required at all times. An account can be c...Rule Medium Severity -
SRG-APP-000149-NDM-000247
<GroupDescription></GroupDescription>Group -
The MQ Appliance network device must use multifactor authentication for network access to privileged accounts.
<VulnDiscussion>Multifactor authentication requires using two or more factors to achieve authenticated access to the MQ Appliance. Factors in...Rule Medium Severity -
SRG-APP-000156-NDM-000250
<GroupDescription></GroupDescription>Group -
When connecting to the MQ Appliance network device using the WebGUI, it must implement replay-resistant authentication mechanisms for network access to privileged accounts.
<VulnDiscussion>A replay attack may enable an unauthorized user to gain access to the MQ Appliance. Authentication sessions between the authe...Rule Medium Severity -
SRG-APP-000164-NDM-000252
<GroupDescription></GroupDescription>Group -
The MQ Appliance network device must enforce a minimum 15-character password length.
<VulnDiscussion>Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute...Rule Medium Severity -
SRG-APP-000165-NDM-000253
<GroupDescription></GroupDescription>Group -
WebGUI access to the MQ Appliance network device must accept Personal Identity Verification (PIV) credentials.
<VulnDiscussion>The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the us...Rule Medium Severity -
The MQ Appliance network device must prohibit password reuse for a minimum of five generations.
<VulnDiscussion>Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.