STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to IBM MQ Appliance V9.0 AS Security Technical Implementation Guide

V-255793

CAT II (Medium)

The MQ Appliance messaging server must use DoD- or CNSS-approved PKI Class 3 or Class 4 certificates.

Rule ID

SV-255793r961857_rule

STIG

IBM MQ Appliance V9.0 AS Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-002450

Discussion

Class 3 PKI certificates are used for servers and software signing rather than for identifying individuals. Class 4 certificates are used for business-to-business transactions. Utilizing unapproved certificates not issued or approved by DoD or CNS creates an integrity risk. The messaging server must utilize approved DoD or CNS Class 3 or Class 4 certificates for software signing and business-to-business transactions.

Check Content

From the MQ Appliance WebGUI, click on the Administration (gear) icon.

Click on Main >> File Management.

Click on the cert directory.

Click on the "Details" action to the right of each cert to display its attributes.

Verify that each certificate attribute meets organizationally approved requirements.

If any certificates have not been issued by a DoD- or CNSS-approved PKI CA, this is a finding.

Fix Text

Install approved certificates that have been issued by a DoD CA.