The IBM MQ Appliance AS Security Technical Implementation Guide (STIG) provides the technical security policies, requirements, and implementation details for configuring the IBM MQ Messaging Hub Appliance running MQ version 9.0 via the management Web Graphical User Interface (GUI) as well as via the SSH-oriented command line or CLI. The IBM MQ Appliance NDM STIG addresses the secure configuration of the administration management aspect of the MQ product, while the IBM MQ Appliance AS STIG addresses the secure configuration of the actual message queues that are configured to send and receive messages.
IBM MQ is messaging middleware that uses message queues to facilitate exchanges of information between applications. MQ messaging is offered in two forms: as software that can be installed on an existing or new OS installation and as a physical appliance that has the MQ product pre-installed and ready to deploy into the network infrastructure.
- Specialized Security-Limited Functionality (SSLF)
DoD Instruction (DoDI) 8500.01 requires that “all IT that receives, processes, stores, displays, or transmits DoD information will be […] configured […] consistent with applicable DoD cybersecurity policies, standards, and architectures” and tasks that Defense Information Systems
All technical NIST SP 800-53 requirements were considered while developing this STIG. Requirements that are applicable and configurable will be included in the final STIG. A report marked For Official Use Only (FOUO) will be available for those items that did not meet requirements. This report will be available to component Authorizing Official (AO) personnel for risk assessment purposes by request via email to: firstname.lastname@example.org.
Comments or proposed revisions to this document should be sent via email to the following address: email@example.com. DISA will coordinate all change requests with the relevant DoD organizations before inclusion in this document. Approved changes will be made in accordance with the DISA maintenance release schedule.
New Checklist - 06/27/2017
Updated URL to reflect change to the DISA website - http --> https
Moved to FINAL - 08/29/2017
Updated URLs - 6/6/19
NIST checklist record last modified on 06/07/2019