Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-74991 | MQMH-ND-001010 | SV-89665r1_rule | Medium |
Description |
---|
Administrators need to be aware of activity that occurs regarding their account. Providing them with information deemed important by the organization may aid in the discovery of unauthorized access or thwart a potential attacker. Organizations should consider the risks to the specific information system being accessed and the threats presented by the device to the environment when configuring this option. An excessive or unnecessary amount of information presented to the administrator at logon is not recommended. MQ provides logon information including date, time and source IP information in event logs. A third party log monitoring solution that monitors the logs for unsuccessful logons and corresponding date, time and location information must be utilized to provide the notification. |
STIG | Date |
---|---|
IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide | 2017-06-06 |
Check Text ( C-74843r1_chk ) |
---|
Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings. Verify the Authentication Method is set to LDAP. Request third-party log monitoring alarming information that provides the notification alerts regarding logons, dates, times, and source IP addresses. If it is not set to LDAP and third-party alarming notifications are not used, this is a finding. |
Fix Text (F-81607r1_fix) |
---|
Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings. Set Authentication Method to LDAP. Configure LDAP connection as required. Configure notification alerts in third party event notification solution. |