The MQ Appliance SSH interface to the messaging server must prohibit the use of cached authenticators after 600 seconds.
An XCCDF Rule
Description
<VulnDiscussion>When the messaging server is using PKI authentication, a local revocation cache must be stored for instances when the revocation cannot be authenticated through the network, but if cached authentication information is out of date, the validity of the authentication information may be questionable.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-89489r1_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
In the MQ Appliance WebGUI, Go to Administration (gear icon) >> Access >> RBM Settings.
Limit cache settings to "600" seconds.