Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide
SRG-APP-000148-NDM-000346
SRG-APP-000148-NDM-000346
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
SRG-APP-000148-NDM-000346
1 Rule
<GroupDescription></GroupDescription>
In the event the authentication server is unavailable, the MQ Appliance must provide one local account created for emergency administration use.
Medium Severity
<VulnDiscussion>Authentication for administrative (privileged level) access to the MQ Appliance is required at all times. An account can be created on the device's local database for use in an emergency, such as when the authentication server is down or connectivity between the device and the authentication server is not operable. This account is also referred to as the account of last resort since the emergency administration account is strictly intended to be used only as a last resort and immediate administrative access is absolutely necessary. The number of emergency administration accounts is restricted to at least one, but no more than operationally required as determined by the Information System Security Officer (ISSO). The emergency administration account logon credentials must be stored in a sealed envelope and kept in a safe. MQ provides the Fallback user account to provide access to the MQ appliance in the event the centralized authentication server is not available.v</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>