Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-74835 | MQMH-AS-000830 | SV-89509r1_rule | Medium |
Description |
---|
Class 3 PKI certificates are used for servers and software signing rather than for identifying individuals. Class 4 certificates are used for business-to-business transactions. Utilizing unapproved certificates not issued or approved by DoD or CNS creates an integrity risk. The messaging server must utilize approved DoD or CNS Class 3 or Class 4 certificates for software signing and business-to-business transactions. |
STIG | Date |
---|---|
IBM MQ Appliance V9.0 AS Security Technical Implementation Guide | 2017-06-09 |
Check Text ( C-74693r1_chk ) |
---|
From the MQ Appliance WebGUI, click on the Administration (gear) icon. Click on Main >> File Management. Click on the cert directory. Click on the "Details" action to the right of each cert to display its attributes. Verify that each certificate attribute meets organizationally approved requirements. If any certificates have not been issued by a DoD- or CNSS-approved PKI CA, this is a finding. |
Fix Text (F-81451r1_fix) |
---|
Install approved certificates that have been issued by a DoD CA. |