UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

zOS WebsphereMQ for TSS Security Technical Implementation Guide


Overview

Date Finding Count (17)
2021-12-15 CAT I (High): 2 CAT II (Med): 15 CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-225623 High WebSphere MQ channel security must be implemented in accordance with security requirements.
V-225630 High Websphere MQ switch profiles must be properly defined to the MQADMIN class.
V-225633 Medium WebSphere MQ queue resource defined to the MQQUEUE resource class are not protected in accordance with security requirements.
V-225632 Medium WebSphere MQ dead letter and alias dead letter queues are not properly defined.
V-225631 Medium WebSphere MQ MQCONN Class resources must be protected properly.
V-225624 Medium WebSphere MQ channel security is not implemented in accordance with security requirements.
V-225625 Medium Production WebSphere MQ Remotes must utilize Certified Name Filters (CNF)
V-225626 Medium User timeout parameter values for WebSphere MQ queue managers are not specified in accordance with security requirements.
V-225627 Medium WebSphere MQ started tasks are not defined in accordance with the proper security requirements.
V-225628 Medium WebSphere MQ all update and alter access to MQSeries/WebSphere MQ product and system data sets are not properly restricted
V-225629 Medium WebSphere MQ security class(es) is(are) defined improperly.
V-225639 Medium WebSphere MQ RESLEVEL resources in the MQADMIN resource class are not protected in accordance with security requirements.
V-225634 Medium WebSphere MQ Process resources are not protected in accordance with security requirements.
V-225635 Medium WebSphere MQ Namelist resources are not protected in accordance with security requirements.
V-225638 Medium WebSphere MQ command resources defined to MQCMDS resource class are not protected in accordance with security requirements.
V-225637 Medium WebSphere MQ context resources defined to the MQADMIN resource class are not protected in accordance with security requirements.
V-225636 Medium WebSphere MQ alternate user resources defined to MQADMIN resource class are not protected in accordance with security requirements.