II - Mission Support Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000266-AS-000168
Group -
The MQ Appliance messaging server must identify potentially security-relevant error conditions.
The structure and content of error messages need to be carefully considered by the organization and development team. Any application providing too much information in error logs and in administrat...Rule Medium Severity -
SRG-APP-000108-AS-000067
Group -
The MQ Appliance messaging server must alert the SA and ISSO, at a minimum, in the event of a log processing failure.
Logs are essential to monitor the health of the system, investigate changes that occurred to the system, or investigate a security incident. When log processing fails, the events during the failure...Rule Medium Severity -
SRG-APP-000435-AS-000163
Group -
The MQ Appliance messaging server must protect against or limit the effects of all types of Denial of Service (DoS) attacks by employing operationally-defined security safeguards.
DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity. To reduce the...Rule Medium Severity -
SRG-APP-000404-AS-000249
Group -
The MQ Appliance messaging server must accept FICAM-approved third-party credentials.
Access may be denied to legitimate users if FICAM-approved third-party credentials are not accepted. This requirement typically applies to organizational information systems that are accessible to...Rule Low Severity -
SRG-APP-000181-AS-000255
Group -
The MQ Appliance messaging server must provide a log reduction capability that supports on-demand reporting requirements.
The ability to generate on-demand reports, including after the log data has been subjected to log reduction, greatly facilitates the organization's ability to generate incident reports as needed to...Rule Medium Severity -
SRG-APP-000109-AS-000070
Group -
The MQ Appliance messaging server must be configured to fail over to another system in the event of log subsystem failure.
This requirement is dependent upon system MAC and availability. If the system MAC and availability do not specify redundancy requirements, this requirement is NA. It is critical that, when a syste...Rule Medium Severity -
SRG-APP-000225-AS-000154
Group -
The MQ Appliance messaging server must provide a clustering capability.
This requirement is dependent upon system criticality and confidentiality requirements. If the system categorization and confidentiality levels do not specify redundancy requirements, this requirem...Rule Medium Severity -
SRG-APP-000219-AS-000147
Group -
The MQ Appliance messaging server must ensure authentication of both SSH client and server during the entire session.
This control focuses on communications protection at the session, versus packet level. At the application layer, session IDs are tokens generated by web applications to uniquely identify an applic...Rule Medium Severity -
SRG-APP-000158-AS-000108
Group -
The MQ Appliance messaging server must uniquely identify all network-connected endpoint devices before establishing any connection.
Without identifying devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. For distributed messaging servers and components, the decisions regarding t...Rule Medium Severity -
SRG-APP-000172-AS-000121
Group -
Access to the MQ Appliance messaging server must utilize encryption when using LDAP for authentication.
Passwords need to be protected at all times, and encryption is the standard method for protecting passwords during transmission. Messaging servers have the capability to utilize LDAP directories ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.