The MQ Appliance network device must prohibit the use of cached authenticators after an organization-defined time period.
An XCCDF Rule
Description
Some authentication implementations can be configured to use cached authenticators. If cached authentication information is out of date, the validity of the authentication information may be questionable. The organization-defined time period should be established for each device depending on the nature of the device; for example, a device with just a few administrators in a facility with spotty network connectivity may merit a longer caching time period than a device with many administrators.
- ID
- SV-89679r1_rule
- Version
- MQMH-ND-001240
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings.
Set Authentication Method to LDAP. Limit cache settings to an organization-defined time period.
Configure other LDAP connection settings as required.