STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide

V-255764

CAT II (Medium)

The MQ Appliance network device must prohibit the use of cached authenticators after an organization-defined time period.

Rule ID

SV-255764r961521_rule

STIG

IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-002007

Discussion

Some authentication implementations can be configured to use cached authenticators. If cached authentication information is out of date, the validity of the authentication information may be questionable. The organization-defined time period should be established for each device depending on the nature of the device; for example, a device with just a few administrators in a facility with spotty network connectivity may merit a longer caching time period than a device with many administrators.

Check Content

Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings. 

Verify the Authentication Method is set to LDAP and the cache setting is defined and specifies the organization-defined time period. 

If the Authentication Method is not set to LDAP and the cache setting does not specify the organization-defined time period, this is a finding.

Fix Text

Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings. 

Set Authentication Method to LDAP. Limit cache settings to an organization-defined time period. 

Configure other LDAP connection settings as required.