National Vulnerability Database

National Vulnerability Database

National Vulnerability

IBM MQ Appliance v9-0 STIG V1 Checklist Details (Checklist Revisions)

Supporting Resources:


Target CPE Name
IBM MQ Appliance v9-0 cpe:/a:ibm:mq_appliance:9.0 (View CVEs)

Checklist Highlights

Checklist Name:
IBM MQ Appliance v9-0 STIG
Checklist ID:
Review Status:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:

Checklist Summary:

The IBM MQ Appliance AS Security Technical Implementation Guide (STIG) provides the technical security policies, requirements, and implementation details for configuring the IBM MQ Messaging Hub Appliance running MQ version 9.0 via the management Web Graphical User Interface (GUI) as well as via the SSH-oriented command line or CLI. The IBM MQ Appliance NDM STIG addresses the secure configuration of the administration management aspect of the MQ product, while the IBM MQ Appliance AS STIG addresses the secure configuration of the actual message queues that are configured to send and receive messages. IBM MQ is messaging middleware that uses message queues to facilitate exchanges of information between applications. MQ messaging is offered in two forms: as software that can be installed on an existing or new OS installation and as a physical appliance that has the MQ product pre-installed and ready to deploy into the network infrastructure.

Checklist Role:

  • Application Server

Known Issues:

Not provided.

Target Audience:

Not provided.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

DoD Instruction (DoDI) 8500.01 requires that “all IT that receives, processes, stores, displays, or transmits DoD information will be […] configured […] consistent with applicable DoD cybersecurity policies, standards, and architectures” and tasks that Defense Information Systems


Not provided.


All technical NIST SP 800-53 requirements were considered while developing this STIG. Requirements that are applicable and configurable will be included in the final STIG. A report marked For Official Use Only (FOUO) will be available for those items that did not meet requirements. This report will be available to component Authorizing Official (AO) personnel for risk assessment purposes by request via email to:

Product Support:

Not provided.

Point of Contact:

Comments or proposed revisions to this document should be sent via email to the following address: DISA will coordinate all change requests with the relevant DoD organizations before inclusion in this document. Approved changes will be made in accordance with the DISA maintenance release schedule.


Not provided.


Not provided.

Change History:

New Checklist - 06/27/2017
Updated URL to reflect change to the DISA website - http --> https
Moved to FINAL - 08/29/2017
Updated URLs - 6/6/19


URL Description


Reference URL Description IBM MQ Appliance v9-0 STIG V1 Release Memo IBM MQ Appliance v9-0 STIG Overview

NIST checklist record last modified on 06/07/2019