The MQ Appliance WebGUI interface to the messaging server must prohibit the use of cached authenticators after one hour.

An XCCDF Rule

Description

<VulnDiscussion>When the messaging server is using PKI authentication, a local revocation cache must be stored for instances when the revocation cannot be authenticated through the network, but if cached authentication information is out of date, the validity of the authentication information may be questionable.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-89423r1_rule
Severity: Medium
References: CCI-002007
Updated: about 1 year ago

Display the SSL Server Profile associated with the WebGUI (CLI).
Enter:
co
show web-mgmt

[Note the name of the ssl-server]
Define the cache parameters of the SSL Server using the CLI.
Enter:
co
crypto
ssl-server <ssl-server name>
caching on
cache-timeout <3600>
exit
exit
write mem
y

The MQ Appliance WebGUI interface to the messaging server must prohibit the use of cached authenticators after one hour.

Description

Remediation - Manual Procedure