Cyber Trackr - Free Compliance Library
Cyber Trackr
The Free Compliance Library

IBM Hardware Management Console (HMC) Policies Security Technical Implementation Guide

  • Version/Release: V2R1
  • Published: 2023-03-20
  • Expand All:
  • Severity:
  • Sort:
Compare

Select any two versions of this STIG to compare the individual requirements

View

Select any old version/release of this STIG to view the previous requirements

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.
a
Initial Program Load (IPL) Procedures must exists for each partition defined to the system.
CM-6 - Low - CCI-000366 - V-256853 - SV-256853r890905_rule
RMF Control
CM-6
Severity
Low
CCI
CCI-000366
Version
HMCP0010
Vuln IDs
  • V-256853
  • V-24841
Rule IDs
  • SV-256853r890905_rule
  • SV-30530
If procedures for performing IPLs are not in place, it is extremely difficult to ensure overall operating system integrity.
Checks: C-60528r890903_chk

Have the Systems Administrator validate that IPL Procedures Documentation exists for all partitions that are defined on the system. Using the Hardware Management Console, do the following: 1) Access CPC Images Group displays. (This will list the LPARs.) 2) Compare the partition names listed on the Partition Page to validate that IPL procedures exist for each entered on the Central Processor Complex Domain/LPAR Names. If IPL Procedures do not exist for each partition, this is a FINDING.

Fix: F-60471r890904_fix

Create or refine procedures for performing IPLs for the LPARs/partitions defined on the system.

a
Power On Reset (POR) Procedures must be documented for each system.
CM-6 - Low - CCI-000366 - V-256854 - SV-256854r890908_rule
RMF Control
CM-6
Severity
Low
CCI
CCI-000366
Version
HMCP0110
Vuln IDs
  • V-256854
  • V-24842
Rule IDs
  • SV-256854r890908_rule
  • SV-30531
If procedures for performing PORs are not in place, it is extremely difficult to ensure overall operating system integrity
Checks: C-60529r890906_chk

Review the POR procedures with the System Administrator. Review documentation for completeness and accuracy. If no documentation exists, this is a FINDING

Fix: F-60472r890907_fix

Create or refine procedures for performing PORs.

a
System shutdown procedures documentation must exist for each partition defined to the system.
CM-6 - Low - CCI-000366 - V-256855 - SV-256855r890911_rule
RMF Control
CM-6
Severity
Low
CCI
CCI-000366
Version
HMCP0120
Vuln IDs
  • V-256855
  • V-24843
Rule IDs
  • SV-256855r890911_rule
  • SV-30532
If procedures for performing system shutdowns are not in place, it is extremely difficult to ensure overall data and operating system integrity.
Checks: C-60530r890909_chk

Have the System Administrator validate that System Shutdown Documentation exists for all partitions that are defined on the system. a) Using the Hardware Management Console, do the following: 1) Access CPC Images Group displays. (This will list the LPARs.) 2) Compare the partition names listed on the Partition Page to validate that System Shutdown procedures exist for each entered on the Central Processor Complex Domain/LPAR Names. If System Shutdown Procedures do not exist for each partition, this is a FINDING.

Fix: F-60473r890910_fix

Create or refine procedures for performing system shutdowns for each partition.

b
Backup of critical data for the HMC and its components must be documented and tracked
CM-6 - Medium - CCI-000366 - V-256856 - SV-256856r890914_rule
RMF Control
CM-6
Severity
Medium
CCI
CCI-000366
Version
HMCP0130
Vuln IDs
  • V-256856
  • V-24844
Rule IDs
  • SV-256856r890914_rule
  • SV-30533
If procedures for performing backup and recovery of critical data for the HMC is not in place, system recoverability may be jeopardized and overall security compromised.
Checks: C-60531r890912_chk

Review the documentation for backup of critical data for a HMC with the System Administrator. Review documentation for completeness and accuracy. If no documentation exists, this is a FINDING.

Fix: F-60474r890913_fix

Verify that procedures for backup of the critical data for the HMCs are properly documented. If not, create Backup Procedures documentation. CPC data should be backed-up when configuration or CPC- licensed internal code changes have been made or as a routine preventive maintenance procedure.