STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to IBM MQ Appliance V9.0 AS Security Technical Implementation Guide

V-255788

CAT II (Medium)

The MQ Appliance messaging server must automatically terminate a SSH user session after organization-defined conditions or trigger events requiring a session disconnect.

Rule ID

SV-255788r961221_rule

STIG

IBM MQ Appliance V9.0 AS Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-002361

Discussion

An attacker can take advantage of CLI user sessions that are left open, thus bypassing the user authentication process. To thwart the vulnerability of open and unused user sessions, the messaging server must be configured to close the sessions when a configured condition or trigger event is met. Session termination terminates all processes associated with a user's logical session except those processes that are specifically created by the user (i.e., session owner) to continue after the session is terminated. Conditions or trigger events requiring automatic session termination can include, for example, periods of user inactivity, targeted responses to certain types of incidents, and time-of-day restrictions on information system use.

Check Content

To access the MQ Appliance CLI, enter:
mqcli

show rbm

Verify that the cli-timeout displays the approved timeout value of 600 seconds (10 minutes) or less.

If it does not, this is a finding.

Fix Text

For the CLI used by the administrator, log on to the MQ Appliance CLI as a privileged user.

Enter:
co
rbm
cli-timeout 600
exit
write mem
y