V-225624
zOS WebSphere MQ for TSS Security Technical Implementation Guide
Title
WebSphere MQ channel security is not implemented in accordance with security requirements.
Description
WebSphere MQ channel security can be configured to provide authentication, message privacy, and message integrity between queue managers. WebSphere MQ channels use SSL encryption techniques, digital signatures and digital certificates to provide message privacy, message integrity and mutual authentication between clients and servers. Failure to properly secure a WebSphere MQ channel may lead to unauthorized access. This exposure could compromise the availability, integrity, and ...
Fix Text (Documentation Requirement)
Refer to the following report produced by the z/OS Data Collection:

- MQSRPT(ssid)

Note: ssid is the queue manager name (a.k.a., subsystem identifier).

Find the DISPLAY QMGR SSLKEYR command to locate the start of the queue manager definitions.

Verify that each WebSphere MQ queue manager is using a digital certificate by reviewing the SSLKEYR parameter to ensure that a keyring is identified - i.e., SSLKEYR(sslkeyring-id)

Issue the following TSS commands, where ssidCHIN is the lid for the WebSphere MQ Channel Initiator's userid and sslkeyring-id is obtained from the above action:

TSS LIST(ssidCHIN) KEYRING(sslkeyring-id)

Note: The sslkeyring-id is case sensitive.

In the output find the DIGICERT field for ACID(ssidCHIN). Use this DIGICERT in the following command:

TSS LIST(ssidCHIN) ...
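The first steps of the check above can be scripted over saved MQSRPT(ssid) reports. The following is an added example, not part of the STIG: the report excerpts are constructed and their layout is an assumption, as are the function names and the queue manager names QMA1 and QMB1.

```python
import re

# Constructed MQSRPT(ssid) excerpts keyed by ssid; real report layout may differ.
REPORTS = {
    "QMA1": "DISPLAY QMGR SSLKEYR\nQMNAME(QMA1) SSLKEYR(MQRing.QMA1)\n",
    "QMB1": "DISPLAY QMGR SSLKEYR\nQMNAME(QMB1) SSLKEYR( )\n",
}

COMMAND_RE = re.compile(r"DISPLAY\s+QMGR\s+SSLKEYR")
SSLKEYR_RE = re.compile(r"SSLKEYR\(([^)]*)\)")


def keyring_from_report(report_text):
    """Return the keyring id that follows the DISPLAY QMGR SSLKEYR command.

    Returns None when the command is absent or SSLKEYR() is blank.
    The id is returned unchanged because sslkeyring-id is case sensitive.
    """
    seen_command = False
    for line in report_text.splitlines():
        if not seen_command:
            # The command marks the start of the queue manager definitions.
            seen_command = bool(COMMAND_RE.search(line))
            continue
        match = SSLKEYR_RE.search(line)
        if match:
            return match.group(1).strip() or None
    return None


def review(ssid, report_text):
    """Summarise the SSLKEYR step and build the TSS command to issue next."""
    keyring = keyring_from_report(report_text)
    if keyring is None:
        return {"ssid": ssid, "keyring": None,
                "status": "no keyring identified", "next_command": None}
    # Assumption: the Channel Initiator ACID is the ssid followed by CHIN,
    # matching the ssidCHIN placeholder used in the check text.
    command = f"TSS LIST({ssid}CHIN) KEYRING({keyring})"
    return {"ssid": ssid, "keyring": keyring,
            "status": "keyring identified", "next_command": command}


if __name__ == "__main__":
    for name, text in REPORTS.items():
        print(review(name, text))
```

A "keyring identified" result only clears the SSLKEYR step; the generated TSS LIST command still has to be issued and its DIGICERT output reviewed as the check describes.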