The MQ Appliance SSH interface to the messaging server must prohibit the use of cached authenticators after 600 seconds.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-74815 | MQMH-AS-000730 | SV-89489r1_rule | Medium |
| Description |
|---|
| When the messaging server is using PKI authentication, a local revocation cache must be stored for instances when the revocation cannot be authenticated through the network, but if cached authentication information is out of date, the validity of the authentication information may be questionable. |
| STIG | Date |
|---|---|
| IBM MQ Appliance V9.0 AS Security Technical Implementation Guide | 2017-06-09 |
Details
| Check Text ( C-74673r1_chk ) |
|---|
| In the MQ Appliance WebGUI, Go to Administration (gear icon) >> Access >> RBM Settings. Verify that cache setting is defined and specifies "600" seconds. If the time period is not set to "600" seconds, this is a finding. |
| Fix Text (F-81431r1_fix) |
|---|
| In the MQ Appliance WebGUI, Go to Administration (gear icon) >> Access >> RBM Settings. Limit cache settings to "600" seconds. |