An error occurred:

zOS WebsphereMQ for RACF STIG Version Comparison

zOS WebsphereMQ for RACF Security Technical Implementation Guide

Comparison

There are 11 differences between versions v6 r4 (Nov. 23, 2022) (the "left" version) and v7 r1 (April 2, 2025) (the "right" version).

Check ZWMQ0020 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Text Differences

Title

User timeout parameter values for WebSphere MQ queue managers are not specified in accordance with security requirements.

Check Content

a) Refer Refer to the following report produced by the z/OS Data Collection: - MQSRPT(ssid) NOTE: ssid Collection: - MQSRPT(ssid) Note: ssid is the queue manager name (a.k.a., subsystem identifier). Automated Analysis Refer to the following report produced by the z/OS Data Collection: - PDI(ZWMQ0020) b) Review Collection: - PDI(ZWMQ0020) Review the ssid report(s) and perform the following steps: 1) Find steps: 1. Find the DISPLAY SECURITY command to locate the start of the security parameter settings. 2) Review settings. 2. Review the CSQH015I and CSQH016I messages to determine the Timeout and Interval parameter settings respectively. 3) Repeat respectively. 3. Repeat these steps for each queue manager ssid. The standard values are: TIMEOUT(15) INTERVAL(5) c) If are: TIMEOUT(15) INTERVAL(5) If the Timeout and Interval values conform to the standard values, there this is NO FINDING. d) If not a finding. If the Timeout and/or Interval values do not conform to the standard values, this is a FINDING. finding.

Discussion

Users signed on to a WebSphere MQ queue manager could leave their terminals unattended for long periods of time. This may allow unauthorized individuals to gain access to WebSphere MQ resources and application data. This exposure could compromise the availability, integrity, and confidentiality of some system services and application data.

Fix

Review the WebSphere MQ System Setup Guide and the information on the ALTER SECURITY command in the WebSphere MQ Script (MQSC) Command Reference. Ensure the values for the TIMEOUT and INTERVAL parameters are specified in accordance with security requirements.