{"product_id":10491,"v_id":10491,"product_name":"IBM WebSphere MQ v7.1.0.2","certification_status":"Not Certified","certification_date":"2014-01-30T00:01:00Z","tech_type":"Secure Messaging","vendor_id":{"name":"IBM Corporation","website":"https://www.ibm.com"},"vendor_poc":"Sally Whittingham","vendor_phone":"01962 817622","vendor_email":"whittis@uk.ibm.com","assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"<p class=\"Body\">The Target of Evaluation (TOE) is WebSphere MQ, version 7.1.0.2 (WMQ). &nbsp;WMQ is a Message-Oriented Middleware product that enables independent and potentially non-concurrent applications on a distributed system to communicate with each other. &nbsp;Applications use message queuing or message publication and subscription to participate in message-driven processing. &nbsp;In this way, applications can communicate across different platforms. &nbsp;For example, AIX and Oracle Solaris applications can communicate through WMQ, which shields the applications from the mechanics of the underlying communications.</p>\r\n<p class=\"Body\">The TOE is available in the following operating system specific editions:</p>\r\n<ul>\r\n<li>WebSphere MQ for AIX</li>\r\n<li>WebSphere MQ for HP-UX IA64</li>\r\n<li>WebSphere MQ for Linux x86</li>\r\n<li>WebSphere MQ for Linux x86_64</li>\r\n<li>WebSphere MQ for Linux PPC</li>\r\n<li>WebSphere MQ for Linux zSeries</li>\r\n<li>WebSphere MQ for Oracle Solaris SPARC</li>\r\n<li>WebSphere MQ for Oracle Solaris x86_64</li>\r\n<li>WebSphere MQ for Windows.</li>\r\n</ul>\r\n<p class=\"Body\">Each of these editions can support the following components, which are included within the TOE:</p>\r\n<ul>\r\n<li>WMQ server, which includes the queue manager</li>\r\n<li>WMQ C Client.</li>\r\n</ul>\r\n<p class=\"Body\">In addition, WebSphere MQ for Windows supports WMQ XMS.NET/.NET/WCF clients.</p>","evaluation_configuration":null,"security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. &nbsp;The criteria against which the WebSphere MQ TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 3. &nbsp;The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1, Revision 3. &nbsp;Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 2 augmented with ALC_FLR.2.&nbsp; The product, when delivered and configured as identified in the WebSphere MQ Version 7.1 Information Center, satisfies all of the security functional requirements stated in the WebSphere MQ 7.1 EAL2 Security Target, Version 0.19.</p>\r\n<p>A validation team on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. &nbsp;The evaluation was completed in January 2014. &nbsp;The results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID10491-2014), prepared by CCEVS.</p>","environmental_strengths":"<p>WebSphere MQ v7.1 provides a low to moderate level of independently assured security in a conventional TOE and is suitable for a cooperative non-hostile environment with good physical access security and competent administrators.</p>\r\n<p>WebSphere MQ v7.1 supports the following security functions:</p>\r\n<ul>\r\n<li><strong>Access Control</strong></li>\r\n</ul>\r\n<p class=\"Body\">Access to an object is only given to a process acting on behalf of a user if the user and group identifiers (IDs) associated with that user have been granted permission to access the object. The user and group IDs are obtained from the operational environment and cached in memory for any subsequent access requests. The user ID is contained within the message descriptor, which is used to confirm the user and group permissions. Permission is confirmed by checking that either the user identifier (UID) or group identifier (GID) is contained within the object&rsquo;s Access Control List (ACL), or that of a recursive parent in a topic hierarchy.</p>\r\n<p class=\"Body\">Only administrators are able to modify the ACL or delete event messages. Administrators are users that belong to the mqm or administrator groups within the operational environment. &nbsp;Identification is performed in the same way as for normal users.</p>\r\n<p class=\"Body\">On creation of an object, the queue manager sets default values for that object such that only the ID associated with the process creating the object and the administrator are able to access that object. &nbsp;This is done by adding the creator&rsquo;s and administrators&rsquo; UIDs and GIDs to the ACL of that object. &nbsp;Once an object has been created, the administrator can update the ACL to grant or revoke access via the command line interface.</p>\r\n<ul>\r\n<li><strong>Audit</strong></li>\r\n</ul>\r\n<p>WMQ can be configured to generate event messages to record various significant security auditing events. &nbsp;There are four different types of security auditing event message: authorization failure events; channel events; command events; and configuration events. Each type of event message is put onto a different event queue.</p>\r\n<p>An event queue behaves in the same manner as other queues and, as with other queues, has an ACL, with access given only to administrators (i.e., members of the mqm or administrator group in the operational environment). &nbsp;Each event queue is protected to prevent unauthorized modification and deletion of audit records.</p>\r\n<p>All audit event messages contain the following information: date and time; type of event; type of application that caused the event; and user identity.</p>\r\n<p>The date and time information is retrieved from the operational environment each time an event message is created. &nbsp;The user identity is obtained from the process message descriptor.</p>\r\n<p>Viewing of the audit records is performed via a third-party application. &nbsp;Various applications can be used to process MQ audit records. &nbsp;For example, IBM provides a monitoring product named Tivoli OMEGAMON. &nbsp;Other vendors also produce similar tools.</p>\r\n<p>Audit records may be lost if the local audit queue becomes full and the connection to the external audit store fails.</p>\r\n<ul>\r\n<li><strong>Protection of the TSF</strong></li>\r\n</ul>\r\n<p>WMQ ensures that channels from WMQ clients to a WMQ server, or between two WMQ servers, are established using Transport Layer Security (TLS). &nbsp;The TLS support provided by WMQ provides authentication, message integrity checking, and data encryption for transmitted data. &nbsp;WMQ relies on IBM Global Security Kit (GSKit), version 8.0.14.22 or later, being present in the operational environment to provide support for TLS communications.</p>\r\n<p>There is an evaluated version of GSKit which should be used and configured according to its Security Target to ensure proper security for connections between clients and servers.</p>","features":[]}