STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to IBM MQ Appliance V9.0 AS Security Technical Implementation Guide

V-255789

CAT II (Medium)

The MQ Appliance must automatically terminate a WebGUI user session after 600 seconds of idle time.

Rule ID

SV-255789r961221_rule

STIG

IBM MQ Appliance V9.0 AS Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-002361

Discussion

An attacker can take advantage of WebGUI user sessions that are left open, thus bypassing the user authentication process. To thwart the vulnerability of open and unused user sessions, the messaging server must be configured to close the sessions when a configured condition or trigger event is met. Session termination terminates all processes associated with a user's logical session except those processes that are specifically created by the user (i.e., session owner) to continue after the session is terminated. Conditions or trigger events requiring automatic session termination can include, for example, periods of user inactivity, targeted responses to certain types of incidents, and time-of-day restrictions on information system use.

Check Content

Log on to the MQ Appliance CLI as a privileged user.

To access the MQ Appliance CLI, enter:
mqcli

To enter configuration mode, enter:
co
web-mgmt
show

If the idle-timeout value is not "600" seconds or less, this is a finding.

Fix Text

Log on to the MQ Appliance CLI as a privileged user.

To access the MQ Appliance CLI, enter:
mqcli

To enter configuration mode, enter:
co
web-mgmt
idle-timeout <600 seconds or less>
exit
write mem
y