) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
IBM MQ Appliance v9-0 STIG V1 Checklist Details (Checklist Revisions)
NOTE
This is not the current revision of this Checklist, view the current revision.
Supporting Resources:
-
Download Standalone XCCDF 1.1.4 - IBM MQ Appliance v9-0 AS STIG V1
- Defense Information Systems Agency
-
Download Standalone XCCDF 1.1.4 - IBM MQ Appliance v9-0 NDM STIG V1
- Defense Information Systems Agency
Target:
| Target | CPE Name |
|---|---|
| IBM MQ Appliance v9-0 | cpe:/a:ibm:mq_appliance:9.0 (View CVEs) |
Checklist Highlights
- Checklist Name:
- IBM MQ Appliance v9-0 STIG
- Checklist ID:
- 772
- Version:
- V1
- Type:
- Compliance
- Review Status:
- Final
- Authority:
- Governmental Authority: Defense Information Systems Agency
- Original Publication Date:
- 06/05/2017
Checklist Summary:
The IBM MQ Appliance AS Security Technical Implementation Guide (STIG) provides the technical security policies, requirements, and implementation details for configuring the IBM MQ Messaging Hub Appliance running MQ version 9.0 via the management Web Graphical User Interface (GUI) as well as via the SSH-oriented command line or CLI. The IBM MQ Appliance NDM STIG addresses the secure configuration of the administration management aspect of the MQ product, while the IBM MQ Appliance AS STIG addresses the secure configuration of the actual message queues that are configured to send and receive messages. IBM MQ is messaging middleware that uses message queues to facilitate exchanges of information between applications. MQ messaging is offered in two forms: as software that can be installed on an existing or new OS installation and as a physical appliance that has the MQ product pre-installed and ready to deploy into the network infrastructure.
Checklist Role:
- Application Server
Known Issues:
Not provided.
Target Audience:
Not provided.
Target Operational Environment:
- Managed
- Specialized Security-Limited Functionality (SSLF)
Testing Information:
Not provided.
Regulatory Compliance:
DoD Instruction (DoDI) 8500.01 requires that “all IT that receives, processes, stores, displays, or transmits DoD information will be […] configured […] consistent with applicable DoD cybersecurity policies, standards, and architectures” and tasks that Defense Information Systems
Comments/Warnings/Miscellaneous:
Not provided.
Disclaimer:
All technical NIST SP 800-53 requirements were considered while developing this STIG. Requirements that are applicable and configurable will be included in the final STIG. A report marked For Official Use Only (FOUO) will be available for those items that did not meet requirements. This report will be available to component Authorizing Official (AO) personnel for risk assessment purposes by request via email to: disa.stig_spt@mail.mil.
Product Support:
Not provided.
Point of Contact:
Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil. DISA will coordinate all change requests with the relevant DoD organizations before inclusion in this document. Approved changes will be made in accordance with the DISA maintenance release schedule.
Sponsor:
Not provided.
Licensing:
Not provided.
Change History:
New Checklist - 06/27/2017 Updated URL to reflect change to the DISA website - http --> https Moved to FINAL - 08/29/2017
Dependency/Requirements:
| URL | Description |
|---|
References:
| Reference URL | Description |
|---|---|
| https://iasecontent.disa.mil/stigs/pdf/U_IBM_MQ_Appliance_V9-0_V1R1_STIG_Release_Memo.pdf | IBM MQ Appliance v9-0 STIG V1 Release Memo |
| https://iasecontent.disa.mil/stigs/zip/U_IBM_MQ_Appliance_v9-0_V1R1_Overview.zip | IBM MQ Appliance v9-0 STIG Overview |