zOS WebsphereMQ for ACF2 Security Technical Implementation Guide

Description

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: [email protected]

Details

Version / Release: V6R3

Published: 2021-12-14

Updated At: 2022-04-06 01:12:33

Compare/View Releases

Select any two versions of this STIG to compare the individual requirements

Select any old version/release of this STIG to view the previous requirements

Actions

Download

Filter

Findings
Severity Open Not Reviewed Not Applicable Not a Finding
Overall 0 0 0 0
Low 0 0 0 0
Medium 0 0 0 0
High 0 0 0 0
Drop CKL or SCAP (XCCDF) results here.

    Vuln Rule Version CCI Severity Title Description Status Finding Details Comments
    SV-224354r811064_rule ZWMQ0011 CCI-000068 HIGH WebSphere MQ channel security must be implemented in accordance with security requirements. WebSphere MQ Channel security can be configured to provide authentication, message privacy, and message integrity between queue managers. Secure Sockets Layer (SSL) uses encryption techniques, digital signatures and digital certificates to provide messag
    SV-224355r520966_rule ZWMQ0012 CCI-002470 MEDIUM WebSphere MQ channel security is not implemented in accordance with security requirements. WebSphere MQ channel security can be configured to provide authentication, message privacy, and message integrity between queue managers. WebSphere MQ channels use SSL encryption techniques, digital signatures and digital certificates to provide message
    SV-224356r520969_rule ZWMQ0014 CCI-001133 MEDIUM Production WebSphere MQ Remotes must utilize Certified Name Filters (CNF) IBM Websphere MQ can use a user ID associated with an ACP certificate as a channel user ID. When an entity at one end of an SSL channel receives a certificate from a remote connection, the entity asks The ACP if there is a user ID associated with that ce
    SV-224357r520972_rule ZWMQ0020 CCI-001133 MEDIUM User timeout parameter values for WebSphere MQ queue managers are not specified in accordance with security requirements. Users signed on to a WebSphere MQ queue manager could leave their terminals unattended for long periods of time. This may allow unauthorized individuals to gain access to WebSphere MQ resources and application data. This exposure could compromise the av
    SV-224358r520975_rule ZWMQ0030 CCI-000764 MEDIUM WebSphere MQ started tasks are not defined in accordance with the proper security requirements. Started tasks are used to execute WebSphere MQ queue manager services. Improperly defined WebSphere MQ started tasks may result in inappropriate access to application resources and the loss of accountability. This exposure could compromise the availabil
    SV-224359r520978_rule ZWMQ0040 CCI-001499 MEDIUM WebSphere MQ all update and alter access to MQSeries/WebSphere MQ product and system data sets are not properly restricted MVS data sets provide the configuration, operational, and executable properties of WebSphere MQ. Some data sets are responsible for the security implementation of WebSphere MQ. Failure to properly protect these data sets may lead to unauthorized access.
    SV-224360r520981_rule ZWMQ0049 CCI-000213 MEDIUM WebSphere MQ resource classes are not properly activated. WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security checking. Failure to properly protect WebSphere MQ resourc
    SV-224361r520984_rule ZWMQ0051 CCI-000213 HIGH Websphere MQ switch profiles must be properly defined to the MQADMIN class. WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security checking. Failure to properly protect WebSphere MQ resourc
    SV-224362r520987_rule ZWMQ0052 CCI-000213 MEDIUM WebSphere MQ MQCONN Class resources must be protected in accordance with security. WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security checking. Failure to properly protect WebSphere MQ resourc
    SV-224363r520990_rule ZWMQ0053 CCI-000764 MEDIUM WebSphere MQ dead letter and alias dead letter queues are not properly defined. WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security checking. Failure to properly protect WebSphere MQ resourc
    SV-224364r520993_rule ZWMQ0054 CCI-000213 MEDIUM WebSphere MQ queue resource defined to the MQQUEUE resource class are not protected in accordance with security requirements. WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security checking. Failure to properly protect WebSphere MQ resourc
    SV-224365r520996_rule ZWMQ0055 CCI-000213 MEDIUM WebSphere MQ Process resources are not protected in accordance with security requirements. WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security checking. Failure to properly protect WebSphere MQ resourc
    SV-224366r520999_rule ZWMQ0056 CCI-000213 MEDIUM WebSphere MQ Namelist resources are not protected in accordance with security requirements. WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security checking. Failure to properly protect WebSphere MQ resourc
    SV-224367r521002_rule ZWMQ0057 CCI-000213 MEDIUM WebSphere MQ alternate user resources defined to MQADMIN resource class are not protected in accordance with security requirements. WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security checking. Failure to properly protect WebSphere MQ resourc
    SV-224368r521005_rule ZWMQ0058 CCI-000213 MEDIUM WebSphere MQ context resources defined to the MQADMIN resource class are not protected in accordance with security requirements. WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security checking. Failure to properly protect WebSphere MQ resourc
    SV-224369r521008_rule ZWMQ0059 CCI-000213 MEDIUM WebSphere MQ command resources defined to MQCMDS resource class are not protected in accordance with security requirements. WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security checking. Failure to properly protect WebSphere MQ resourc
    SV-224370r521011_rule ZWMQ0060 CCI-001762 MEDIUM WebSphere MQ RESLEVEL resources in the MQADMIN resource class are not protected in accordance with security requirements. WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security checking. Failure to properly protect WebSphere MQ resourc