Skip to content

The MQ Appliance SSH interface to the messaging server must prohibit the use of cached authenticators after 600 seconds.

An XCCDF Rule

Description

<VulnDiscussion>When the messaging server is using PKI authentication, a local revocation cache must be stored for instances when the revocation cannot be authenticated through the network, but if cached authentication information is out of date, the validity of the authentication information may be questionable.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-89489r1_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

In the MQ Appliance WebGUI, Go to Administration (gear icon) >> Access >> RBM Settings.

Limit cache settings to "600" seconds.