II - Mission Support Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000456-AS-000266
Group -
The MQ Appliance messaging server must install security-relevant software updates within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
Security flaws with software applications are discovered daily. Vendors are constantly updating and patching their products to address newly discovered security vulnerabilities. Organizations (incl...Rule Medium Severity -
SRG-APP-000514-AS-000137
Group -
The MQ Appliance messaging server must use DoD- or CNSS-approved PKI Class 3 or Class 4 certificates.
Class 3 PKI certificates are used for servers and software signing rather than for identifying individuals. Class 4 certificates are used for business-to-business transactions. Utilizing unapproved...Rule Medium Severity -
SRG-APP-000435-AS-000069
Group -
The MQ Appliance messaging server, when categorized as a high level system, must be in a high-availability (HA) cluster.
A high level system is a system that handles data vital to the organization's operational readiness or effectiveness of deployed or contingency forces. A high level system must maintain the highes...Rule Medium Severity -
SRG-APP-000014-AS-000009
Group -
The MQ Appliance messaging server must use encryption strength in accordance with the categorization of the management data during remote access management sessions.
Remote management access is accomplished by leveraging common communication protocols and establishing a remote connection to the messaging server via a network for the purposes of managing the mes...Rule Medium Severity -
SRG-APP-000515-AS-000203
Group -
The MQ Appliance messaging server must, at a minimum, transfer the logs of interconnected systems in real time, and transfer the logs of standalone systems weekly.
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Protecting log data is important during a forensic investigation to ensure investigators can tr...Rule Medium Severity -
SRG-APP-000356-AS-000202
Group -
The MQ Appliance messaging server must provide centralized management and configuration of the content to be captured in log records generated by all application components.
A clustered messaging server is made up of several servers working together to provide the user a failover and increased computing capability. To facilitate uniform logging in the event of an inci...Rule Medium Severity -
SRG-APP-000440-AS-000167
Group -
The MQ Appliance messaging server must employ approved cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission.
Preventing the disclosure or modification of transmitted information requires that messaging servers take measures to employ approved cryptography in order to protect the information during transmi...Rule Medium Severity -
SRG-APP-000439-AS-000274
Group -
The MQ Appliance messaging server must remove all export ciphers to protect the confidentiality and integrity of transmitted information.
During the initial setup of a Transport Layer Security (TLS) connection to the messaging server, the client sends a list of supported cipher suites in order of preference. The messaging server wil...Rule Medium Severity -
SRG-APP-000439-AS-000155
Group -
The MQ Appliance messaging server must protect the confidentiality and integrity of transmitted information through the use of an approved TLS version.
Preventing the disclosure of transmitted information requires that the messaging server take measures to employ some form of cryptographic mechanism in order to protect the information during trans...Rule Medium Severity -
SRG-APP-000095-AS-000056
Group -
The MQ Appliance messaging server must produce log records containing information to establish what type of events occurred.
Information system logging capability is critical for accurate forensic analysis. Without being able to establish what type of event occurred, it would be difficult to establish, correlate, and inv...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.