I - Mission Critical Public
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000015-AS-000010
Group -
The MQ Appliance messaging server must implement cryptography mechanisms to protect the integrity of the remote access session.
Encryption is critical for protection of remote access sessions. If encryption is not being used for integrity, malicious users may gain the ability to modify the messaging server configuration. Th...Rule Medium Severity -
SRG-APP-000358-AS-000064
Group -
The MQ Appliance messaging server must off-load log records onto a different system or media from the system being logged.
Information system logging capability is critical for accurate forensic analysis. Log record content that may be necessary to satisfy the requirement of this control includes, but is not limited to...Rule Medium Severity -
SRG-APP-000372-AS-000212
Group -
The MQ Appliance messaging server must synchronize internal MQ Appliance messaging server clocks to an authoritative time source when the time difference is greater than the organization-defined time period.
Determining the correct time a particular application event occurred on a system is critical when conducting forensic analysis and investigating system events. Synchronization of internal messagin...Rule Low Severity -
SRG-APP-000371-AS-000077
Group -
The MQ Appliance messaging server must compare internal MQ Appliance messaging server clocks at least every 24 hours with an authoritative time source.
Determining the correct time a particular application event occurred on a system is critical when conducting forensic analysis and investigating system events. Synchronization of system clocks is ...Rule Low Severity -
SRG-APP-000416-AS-000140
Group -
The MQ Appliance messaging server must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
Cryptography is only as strong as the encryption modules/algorithms employed to encrypt the data. Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to pr...Rule Medium Severity -
SRG-APP-000400-AS-000246
Group -
The MQ Appliance WebGUI interface to the messaging server must prohibit the use of cached authenticators after one hour.
When the messaging server is using PKI authentication, a local revocation cache must be stored for instances when the revocation cannot be authenticated through the network, but if cached authentic...Rule Medium Severity -
SRG-APP-000359-AS-000065
Group -
The MQ Appliance messaging server must provide an immediate warning to the SA and ISSO, at a minimum, when allocated log record storage volume reaches 75% of maximum log record storage capacity.
It is critical for the appropriate personnel to be aware if a system is at risk of failing to process logs as required. Log processing failures include software/hardware errors, failures in the lo...Rule Medium Severity -
SRG-APP-000295-AS-000263
Group -
The MQ Appliance messaging server must automatically terminate a SSH user session after organization-defined conditions or trigger events requiring a session disconnect.
An attacker can take advantage of CLI user sessions that are left open, thus bypassing the user authentication process. To thwart the vulnerability of open and unused user sessions, the messaging ...Rule Medium Severity -
SRG-APP-000295-AS-000263
Group -
The MQ Appliance must automatically terminate a WebGUI user session after 600 seconds of idle time.
An attacker can take advantage of WebGUI user sessions that are left open, thus bypassing the user authentication process. To thwart the vulnerability of open and unused user sessions, the messagi...Rule Medium Severity -
SRG-APP-000400-AS-000246
Group -
The MQ Appliance SSH interface to the messaging server must prohibit the use of cached authenticators after 600 seconds.
When the messaging server is using PKI authentication, a local revocation cache must be stored for instances when the revocation cannot be authenticated through the network, but if cached authentic...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.