zOS WebsphereMQ for TSS Security Technical Implementation Guide

Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

zOS WebsphereMQ for TSS Security Technical Implementation Guide

Overview

Version	Date	Finding Count (17)			Downloads
6	2022-10-10 2020-06-25 2020-06-25 2020-06-25 2020-06-25 2020-06-25 2021-12-15 2021-12-15 2021-12-15	CAT I (High): 2	CAT II (Med): 15	CAT III (Low): 0	Excel	JSON	XML

STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles

Classified	Public	Sensitive
I - Mission Critical Classified	I - Mission Critical Public	I - Mission Critical Sensitive	II - Mission Support Classified	II - Mission Support Public	II - Mission Support Sensitive	III - Administrative Classified	III - Administrative Public	III - Administrative Sensitive

Findings (MAC III - Administrative Sensitive)

Finding ID	Severity	Title	Description
V-225623	High	WebSphere MQ channel security must be implemented in accordance with security requirements.	WebSphere MQ Channel security can be configured to provide authentication, message privacy, and message integrity between queue managers. Secure Sockets Layer (SSL) uses encryption techniques,...
V-225630	High	Websphere MQ switch profiles must be properly defined to the MQADMIN class.	WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security...
V-225633	Medium	WebSphere MQ queue resource defined to the MQQUEUE resource class are not protected in accordance with security requirements.	WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security...
V-225632	Medium	WebSphere MQ dead letter and alias dead letter queues are not properly defined.	WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security...
V-225631	Medium	WebSphere MQ MQCONN Class resources must be protected properly.	WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security...
V-225624	Medium	WebSphere MQ channel security is not implemented in accordance with security requirements.	WebSphere MQ channel security can be configured to provide authentication, message privacy, and message integrity between queue managers. WebSphere MQ channels use SSL encryption techniques,...
V-225625	Medium	Production WebSphere MQ Remotes must utilize Certified Name Filters (CNF).	IBM WebSphere MQ can use a user ID associated with an ACP certificate as a channel user ID. When an entity at one end of an SSL channel receives a certificate from a remote connection, the entity...
V-225626	Medium	User timeout parameter values for WebSphere MQ queue managers are not specified in accordance with security requirements.	Users signed on to a WebSphere MQ queue manager could leave their terminals unattended for long periods of time. This may allow unauthorized individuals to gain access to WebSphere MQ resources...
V-225627	Medium	WebSphere MQ started tasks are not defined in accordance with the proper security requirements.	Started tasks are used to execute WebSphere MQ queue manager services. Improperly defined WebSphere MQ started tasks may result in inappropriate access to application resources and the loss of...
V-225628	Medium	WebSphere MQ all update and alter access to MQSeries/WebSphere MQ product and system data sets are not properly restricted.	MVS data sets provide the configuration, operational, and executable properties of WebSphere MQ. Some data sets are responsible for the security implementation of WebSphere MQ. Failure to properly...
V-225629	Medium	WebSphere MQ security class(es) is(are) defined improperly.	WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security...
V-225639	Medium	WebSphere MQ RESLEVEL resources in the MQADMIN resource class are not protected in accordance with security requirements.	WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security...
V-225634	Medium	WebSphere MQ Process resources are not protected in accordance with security requirements.	WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security...
V-225635	Medium	WebSphere MQ Namelist resources are not protected in accordance with security requirements.	WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security...
V-225638	Medium	WebSphere MQ command resources defined to MQCMDS resource class are not protected in accordance with security requirements.	WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security...
V-225637	Medium	WebSphere MQ context resources defined to the MQADMIN resource class are not protected in accordance with security requirements.	WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security...
V-225636	Medium	WebSphere MQ alternate user resources defined to MQADMIN resource class are not protected in accordance with security requirements.	WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security...