Skip to content
Catalogs
XCCDF
IBM MQ Appliance V9.0 AS Security Technical Implementation Guide
SRG-APP-000395-AS-000109
The MQ Appliance messaging server must authenticate all endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.
The MQ Appliance messaging server must authenticate all endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based. An XCCDF Rule
The MQ Appliance messaging server must authenticate all endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.
High Severity
<VulnDiscussion>Device authentication requires unique identification and authentication that may be defined by type, by specific device, or by a combination of type and device.
Bidirectional authentication provides stronger safeguards to validate the identity of other devices for connections that are of greater risk.
Device authentication is performed when the messaging server is providing web services capabilities and data protection requirements mandate the need to establish the identity of the connecting device before the connection is established.
The most common way devices (endpoints) may connect an MQ Appliance MQ queue manager is as an MQ client. In order to ensure unique identification of network-connected devices, mutual authentication using CA-signed TLS certificates must be configured.
Note: Following are the cipher specs available for MQ: https://ibm.biz/BdrJGp</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>