Skip to content

III - Administrative Sensitive

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000403

    <GroupDescription></GroupDescription>
    Group
  • WebSphere MQ channel security is not implemented in accordance with security requirements.

    &lt;VulnDiscussion&gt;WebSphere MQ channel security can be configured to provide authentication, message privacy, and message integrity between que...
    Rule Medium Severity
  • SRG-OS-000480

    <GroupDescription></GroupDescription>
    Group
  • Production WebSphere MQ Remotes must utilize Certified Name Filters (CNF).

    &lt;VulnDiscussion&gt;IBM WebSphere MQ can use a user ID associated with an ACP certificate as a channel user ID. When an entity at one end of an S...
    Rule Medium Severity
  • SRG-OS-000163

    <GroupDescription></GroupDescription>
    Group
  • User timeout parameter values for WebSphere MQ queue managers are not specified in accordance with security requirements.

    &lt;VulnDiscussion&gt;Users signed on to a WebSphere MQ queue manager could leave their terminals unattended for long periods of time. This may al...
    Rule Medium Severity
  • SRG-OS-000104

    <GroupDescription></GroupDescription>
    Group
  • WebSphere MQ started tasks are not defined in accordance with the proper security requirements.

    &lt;VulnDiscussion&gt;Started tasks are used to execute WebSphere MQ queue manager services. Improperly defined WebSphere MQ started tasks may res...
    Rule Medium Severity
  • SRG-OS-000080

    <GroupDescription></GroupDescription>
    Group
  • WebSphere MQ all update and alter access to MQSeries/WebSphere MQ product and system data sets are not properly restricted.

    &lt;VulnDiscussion&gt;MVS data sets provide the configuration, operational, and executable properties of WebSphere MQ. Some data sets are responsib...
    Rule Medium Severity
  • SRG-OS-000080

    <GroupDescription></GroupDescription>
    Group
  • WebSphere MQ security class(es) is(are) defined improperly.

    &lt;VulnDiscussion&gt;WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and nameli...
    Rule Medium Severity
  • SRG-OS-000080

    <GroupDescription></GroupDescription>
    Group
  • Websphere MQ switch profiles must be properly defined to the MQADMIN class.

    &lt;VulnDiscussion&gt;WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and nameli...
    Rule High Severity
  • SRG-OS-000080

    <GroupDescription></GroupDescription>
    Group
  • WebSphere MQ MQCONN Class resources must be protected properly.

    &lt;VulnDiscussion&gt;WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and nameli...
    Rule Medium Severity
  • SRG-OS-000104

    <GroupDescription></GroupDescription>
    Group
  • WebSphere MQ dead letter and alias dead letter queues are not properly defined.

    &lt;VulnDiscussion&gt;WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and nameli...
    Rule Medium Severity
  • SRG-OS-000080

    <GroupDescription></GroupDescription>
    Group
  • WebSphere MQ queue resource defined to the MQQUEUE resource class are not protected in accordance with security requirements.

    &lt;VulnDiscussion&gt;WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and nameli...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules