IBM Hardware Management Console (HMC) Security Technical Implementation Guide

  • Version/Release: V2R1
  • Published: 2024-06-24
  • Released: 2024-07-24
  • Expand All:
  • Severity:
  • Sort:
Compare

Select any two versions of this STIG to compare the individual requirements

View

Select any old version/release of this STIG to view the previous requirements

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.
c
The Enterprise System Connection (ESCON) Director (ESCD) Application Console must be located in a secure location
CM-6 - High - CCI-000366 - V-256857 - SV-256857r991589_rule
RMF Control
CM-6
Severity
High
CCI
CCI-000366
Version
HLESC010
Vuln IDs
  • V-256857
  • V-24340
Rule IDs
  • SV-256857r991589_rule
  • SV-29986
The ESCD Application Console is used to add, change, and delete port configurations and dynamically switch paths between devices. If the ESCON Director Application Console is not located in a secured location, unauthorized personnel can bypass security, access the system, and alter the environment. This could impact the integrity and confidentiality of operations. NOTE: Many newer installations no longer support the ESCD Application Console. For installations not supporting the ESCD Application Console, this check is not applicable.
Checks: C-60532r890915_chk

If the ESCD Application Console is present, verify the location of the ESCD Application Console, otherwise this check is not applicable. If the ESCON Director Application console is not located in a secure location this is a finding.

Fix: F-60475r890916_fix

Move the (ESCD) Console Application console to a secure location and implement access control procedures to ensure access by authorized personnel only. An ESCD Console Application is used to provide data center personnel with an interface for displaying and changing an ESCD'S connectivity attributes. It is also used to install, initialize, and service an ESCON Director. Note: ESCD'S are slowly being phased out and are being replaced with FICON Directors.

b
Sign-on to the ESCD Application Console must be restricted to only authorized personnel.
AC-6 - Medium - CCI-002227 - V-256858 - SV-256858r958726_rule
RMF Control
AC-6
Severity
Medium
CCI
CCI-002227
Version
HLESC020
Vuln IDs
  • V-256858
  • V-24342
Rule IDs
  • SV-256858r958726_rule
  • SV-29994
The ESCD Application Console is used to add, change, and delete port configurations and to dynamically switch paths between devices. Access to the ESCD Application Console is restricted to three classes of personnel: Administrators, service representatives and operators. The administrator sign-on controls passwords at all levels, the service representative sign-on allows access to maintenance procedures, and the operator sign-on allows for configuration changes and use of the Director utilities. Unrestricted use by unauthorized personnel could impact the integrity of the environment. This would result in a loss of secure operations and impact data operating environment integrity. NOTE: Many newer installations no longer support the ESCD Application Console. For installations not supporting the ESCD Application Console, this check is not applicable.
Checks: C-60533r890918_chk

If the ESCD Application Console is present, have the ESCON System Administrator verify that sign-on access to the ESCD Application Console is restricted to authorized personnel by signing on without a valid userid and password, otherwise this check is not applicable. If the ESCD Application Console sign-on access is not restricted, this is a finding.

Fix: F-60476r890919_fix

Review access authorization to ESCD Application Console and ensure that all personnel are restricted to authorized levels of access. The ESCD Application Console and its associated ESCON Director can be secured using passwords. Three levels of password controls have been established. Each password level controls different ESCD Application Console functions. Prior to making any changes or accessing utilities or maintenance procedures, a user is required to enter a password. A password administrator must use the ESCD Application Console to enable an authorized user access. Following are the three levels of password authority: Administration (Level 1) Restrict to systems programming personnel who serve as administrators. A Level 1 password allows the user to display, add, change, and delete passwords of all of the ESCON Director Level 1, Level 2, and Level 3 users. It does not allow the administrator to access maintenance procedures or utilities or to change connectivity attributes. Maintenance (Level 2) Restrict to service representatives who perform maintenance procedures. Level 2 users cannot view other users' passwords, change passwords, change connectivity attributes, or access utilities. Operations (Level 3) Restrict to system administrators responsible for changing connectivity attributes and accessing certain utilities. Level 3 users cannot view other users' passwords, change passwords, or perform maintenance procedures.

c
The ESCON Director Application Console Event log must be enabled.
AU-12 - High - CCI-000169 - V-256859 - SV-256859r958442_rule
RMF Control
AU-12
Severity
High
CCI
CCI-000169
Version
HLESC030
Vuln IDs
  • V-256859
  • V-24343
Rule IDs
  • SV-256859r958442_rule
  • SV-29995
The ESCON Director Console Event Log is used to record all ESCON Director Changes. Failure to create an ESCON Director Application Console Event log results in the lack of monitoring and accountability of configuration changes. In addition, its use in the execution of a contingency plan could be compromised and security degraded. NOTE: Many newer installations no longer support the ESCON Director Console. For installations not supporting the ESCON Director Console, this check is not applicable.
Checks: C-60534r890921_chk

If the ESCON Director Console is present, verify on the ESCON Director Application Console that the Event log is in use, otherwise this check is not applicable. If no Event log exists, this is a finding.

Fix: F-60477r890922_fix

Ensure that an ESCON Director Application Console log is created and in use every time the system is switched on. The ESCON Director maintains an audit trail at the ESCD console’s fixed disk. This audit trail logs the time, date, and password identification when changes have been made to the ESCON Director.

b
The Distributed Console Access Facility (DCAF) Console must be restricted to only authorized personnel.
AC-6 - Medium - CCI-002227 - V-256860 - SV-256860r958726_rule
RMF Control
AC-6
Severity
Medium
CCI
CCI-002227
Version
HLESC080
Vuln IDs
  • V-256860
  • V-24344
Rule IDs
  • SV-256860r958726_rule
  • SV-29998
The DCAF Console enables an operator to access the ESCON Director Application remotely. Access to a DCAF Console by unauthorized personnel could result in varying of ESCON Directors online or offline and applying configuration changes. Unrestricted use by unauthorized personnel could lead to bypass of security, unlimited access to the system, and an altering of the environment. This would result in a loss of secure operations and will impact data operating integrity of the environment. NOTE: Many newer installations no longer support the ESCON Director Application. For installations not supporting the ESCON Director Application, this check is not applicable.
Checks: C-60535r890924_chk

If the ESCON Director Application is present, verify that sign-on access to the DCAF Console is restricted to authorized personnel, otherwise, this check is not applicable. If sign-on access to the DCAF Console is not restricted, this is a finding.

Fix: F-60478r890925_fix

Review access authorization to DCAF Consoles. Ensure that all personnel are restricted to authorized levels of access. Remote access to the LAN may be provided through DCAF via a LAN or modem connection. DCAF passwords should be implemented to prevent unauthorized access.

b
DCAF Console access must require a password to be entered by each user.
IA-2 - Medium - CCI-000764 - V-256861 - SV-256861r958482_rule
RMF Control
IA-2
Severity
Medium
CCI
CCI-000764
Version
HLESC085
Vuln IDs
  • V-256861
  • V-25247
Rule IDs
  • SV-256861r958482_rule
  • SV-31292
The DCAF Console enables an operator to access the ESCON Director Application remotely. Access to a DCAF Console by unauthorized personnel could result in varying of ESCON Directors online or offline and applying configuration changes. Unrestricted use by unauthorized personnel could lead to bypass of security, unlimited access to the system, and an altering of the environment. This would result in a loss of secure operations and will impact data operating integrity of the environment. NOTE: Many newer installations no longer support the ESCON Director Application. For installations not supporting the ESCON Director Application, this check is not applicable.
Checks: C-60536r890927_chk

If the ESCON Director Application is present, have the System Administrator attempt to sign on to the DCAF Console and validate that a password is required, otherwise, this check is not applicable. If sign-on access to the DCAF Console does not require a password this is a finding.

Fix: F-60479r890928_fix

Have the System Administrator review access authorization to DCAF Consoles. Ensure that all personnel are required to enter a password. Remote access to the LAN may be provided through DCAF via a LAN or modem connection. DCAF passwords should be implemented to prevent unauthorized access.

b
Unauthorized partitions must not exist on the system complex.
CM-6 - Medium - CCI-000366 - V-256862 - SV-256862r991589_rule
RMF Control
CM-6
Severity
Medium
CCI
CCI-000366
Version
HLP0010
Vuln IDs
  • V-256862
  • V-24378
Rule IDs
  • SV-256862r991589_rule
  • SV-30052
The running of unauthorized Logical Partitions (LPARs) could allow a “Trojan horse” version of the operating environment to be introduced into the system complex. This could impact the integrity of the system complex and the confidentiality of the data that resides in it.
Checks: C-60537r890930_chk

Using the Hardware Management Console, do the following: Access the Change LPAR Control Panel. (This will list the LPARs.) Compare the partition names listed on the Partition Page to the names entered on the Central Processor Complex Domain/LPAR Names table. Note: Each site should maintain a list of valid LPARS that are configured on thier system , what operating system, and the purpose of each LPAR. If unauthorized partitions exist on the system complex and the deviation is not documented, this is a FINDING.

Fix: F-60480r890931_fix

Review the LPARs on the system and remove any unauthorized LPARs. If a deviation exists, the system administrator will provide written justification for the deviation. This will be displayed by using the Change LPAR Control Panel.

b
On Classified Systems, Logical Partition must be restricted with read/write access to only its own IOCDS.
AC-3 - Medium - CCI-000213 - V-256863 - SV-256863r958472_rule
RMF Control
AC-3
Severity
Medium
CCI
CCI-000213
Version
HLP0020
Vuln IDs
  • V-256863
  • V-24379
Rule IDs
  • SV-256863r958472_rule
  • SV-30053
Unrestricted control over the IOCDS files could result in unauthorized updates and impact the configuration of the environment by allowing unauthorized access to a restricted resource. This could severely damage the integrity of the environment and the system resources.
Checks: C-60538r890933_chk

Using the Hardware Management Console, verify that a logical partition cannot read or write to any IOCDS. Use the Security Definitions Page panel to do this by checking to see if the Input/Output (I/O) Configuration Control option has been turned on. NOTE: The default is applicable to only classified systems. Confirm whether or not the I/O Configuration Control option is checked. If the Logical Partition is not restricted with read/write access to only its own IOCDS, this is a FINDING.

Fix: F-60481r890934_fix

Review the Security Definition parameters specified under Processor Resource/Systems Manager (PR/SM). Verify and implement the correct settings.

b
Processor Resource/Systems Manager (PR/SM) must not allow unrestricted issuing of control program commands.
AC-3 - Medium - CCI-000213 - V-256864 - SV-256864r958472_rule
RMF Control
AC-3
Severity
Medium
CCI
CCI-000213
Version
HLP0030
Vuln IDs
  • V-256864
  • V-24380
Rule IDs
  • SV-256864r958472_rule
  • SV-30055
Unrestricted control over the issuing of system commands by a Logical Partition could result in unauthorized data access and inadvertent updates. This could result in severe damage to system resources.
Checks: C-60539r890936_chk

Using the Hardware Management Console, verify that the Logical Partitions cannot issue control program commands to another Logical Partition. Use the PR/SM panel, known as the Security Definitions Page, to do this. The Cross Partition Control option must be turned off. NOTE: The default is that the Cross Partition Control option is turned off. If Processor Resource/Systems Manager (PR/SM) allows unrestricted issuing of control program commands then this is a FINDING

Fix: F-60482r890937_fix

Review the Security Definition parameters specified under PR/SM, and turn off the Cross Partition Control option.

c
Classified Logical Partition (LPAR) channel paths must be restricted.
AC-3 - High - CCI-000213 - V-256865 - SV-256865r958472_rule
RMF Control
AC-3
Severity
High
CCI
CCI-000213
Version
HLP0040
Vuln IDs
  • V-256865
  • V-24381
Rule IDs
  • SV-256865r958472_rule
  • SV-30056
Restricted LPAR channel paths are necessary to ensure data integrity. Unrestricted LPAR channel path access could result in a compromise of data integrity. When a classified LPAR exists on a mainframe which requires total isolation, all paths to that LPAR must be restricted.
Checks: C-60540r890939_chk

Have the System Administrator or Systems Programmer on classified systems use the Hardware Management Console to verify that the LPAR channel paths are reserved from the rest of the LPARs. Use the Security Definitions Panel to verify this. The Logical Partition Isolation option must be turned on. If the Classified LPAR channel paths are not restricted then this is a FINDING.

Fix: F-60483r890940_fix

Have the System Administrator or Systems Programmer for classified systems use the Hardware Management Console to verify that the LPAR channel paths are reserved from the rest of the LPARs. Use the Security Definitions Panel to verify this. The Logical Partition Isolation option must be turned on for classified systems.

b
On Classified Systems the Processor Resource/Systems Manager (PR/SM) must not allow access to system complex data.
AC-3 - Medium - CCI-000213 - V-256866 - SV-256866r958472_rule
RMF Control
AC-3
Severity
Medium
CCI
CCI-000213
Version
HLP0050
Vuln IDs
  • V-256866
  • V-24382
Rule IDs
  • SV-256866r958472_rule
  • SV-30057
Allowing unrestricted access to all Logical Partition data could result in the possibility of unauthorized access and updating of data. This could also impact the integrity of the processing environment.
Checks: C-60541r890942_chk

Have the Systems Administrator or Systems Programmer use the Hardware Management Console; to verify that the classified Logical Partition system data cannot be viewed by other Logical Partitions. Use the Security Definitions Panel to do this. The Global Performance Data Control option must be turned off. NOTE: The default is that the Global Performance Data Control option is turned off. If the PR/SM allows access to system complex data then, this is a FINDING.

Fix: F-60484r890943_fix

Have the Systems Administrator or Systems Programmer use the Hardware Management Console, to verify that the classified Logical Partition system data cannot be viewed by other Logical Partitions. Use the Security Definitions Panel to do this. The Global Performance Data Control option must be turned off.

c
Central processors must be restricted for classified/restricted Logical Partitions (LPARs).
AC-3 - High - CCI-000213 - V-256867 - SV-256867r958472_rule
RMF Control
AC-3
Severity
High
CCI
CCI-000213
Version
HLP0060
Vuln IDs
  • V-256867
  • V-24383
Rule IDs
  • SV-256867r958472_rule
  • SV-30058
Allowing unrestricted access to classified processors for all LPARs could cause the corruption and loss of classified data sets, which could compromise classified processing.
Checks: C-60542r890945_chk

Have the system administrator or systems programmer use the Hardware Management Console; to verify that the LPAR processors are dedicated for exclusive use by classified LPARs. Use the Processor Page to do this. The Dedicated Central Processors option must be turned on. If Central processors are not restricted for classified/restricted LPARs, this is a FINDING.

Fix: F-60485r890946_fix

Review the Processor Page under PR/SM and turn on the Dedicated Central Processor option for classified or restricted LPARs. For unclassified LPARs, this option should not be turned on, unless determined by the site.

c
The Hardware Management Console must be located in a secure location.
CM-6 - High - CCI-000366 - V-256868 - SV-256868r991589_rule
RMF Control
CM-6
Severity
High
CCI
CCI-000366
Version
HMC0010
Vuln IDs
  • V-256868
  • V-24345
Rule IDs
  • SV-256868r991589_rule
  • SV-29999
The Hardware Management Console is used to perform Initial Program Load (IPLs) and control the Processor Resource/System Manager (PR/SM). If the Hardware Management Console is not located in a secure location, unauthorized personnel can bypass security, access the system, and alter the environment. This can lead to loss of secure operations if not corrected immediately.
Checks: C-60543r890948_chk

Verify the location of the Hardware Management Console. It should be located in a controlled area. Access to it should be restricted. If the Hardware Management Console is not located in a secure location this is a FINDING.

Fix: F-60486r890949_fix

Move the Hardware Management Console to a secure location and implement access controls for authorized personnel.

b
Dial-out access from the Hardware Management Console Remote Support Facility (RSF) must be restricted to an authorized vendor site.
MA-3 - Medium - CCI-002883 - V-256869 - SV-256869r1001084_rule
RMF Control
MA-3
Severity
Medium
CCI
CCI-002883
Version
HMC0030
Vuln IDs
  • V-256869
  • V-24348
Rule IDs
  • SV-256869r1001084_rule
  • SV-30007
Dial-out access from the Hardware Management Console could impact the integrity of the environment, by enabling the possible introduction of spyware or other malicious code. It is important to note that it should be properly configured to only go to an authorized vendor site. Note: This feature will be activated for Non-Classified Systems only. Also, many newer processors (e.g., zEC12/zBC12 processors) will not have modems. If there is no modem, this check is not applicable.
Checks: C-60544r890951_chk

Whenever dial-out hardware is present, have the System Administrator or Systems Programmer validate that dial-out access from the Hardware Management Console is enabled for any non-classified system. Note: This is accomplished by going to Hardware Management Console and selecting Customize Remote Services. Then verify that Enable Remote Services is active. If automatic dial-out access from the Hardware Management Console is enabled, have the Systems Administrator or Systems Programmer validate that remote phone number and remote service parameters values are valid authorized venders in the remote Service Panel of the Hardware Management Console. If all the above values are not correct, this is a finding.

Fix: F-60487r890952_fix

When this feature is turned on for non-classified systems, the site must verify that the remote site information is valid. The RSF, which is also commonly referred to as call home, is one of the key components that contributes to zero downtime on System z hardware. The Hardware Management Console RSF provides communication to an IBM support network, known as RETAIN for hardware problem reporting and service. When a Hardware Management Console enables RSF, the Hardware Management Console then becomes a call home server. The types of communication that are provided are: - Problem reporting and repair data. - Fix delivery to the service processor and Hardware Management Console. - Hardware inventory data. - System updates that are required to activate Capacity on Demand changes. The following call home security characteristics are in effect regardless of the connectivity method that is chosen: RSF requests are always initiated from the Hardware Management Console to IBM. An inbound connection is never initiated from the IBM Service Support System. All data that is transferred between the Hardware Management Console and the IBM Service Support System is encrypted in a high-grade Secure Sockets Layer (SSL) encryption. When initializing the SSL-encrypted connection, the Hardware Management Console validates the trusted host by its digital signature issued for the IBM Service Support system. Data sent to the IBM Service Support System consists solely of hardware problems and configuration data. No application or customer data is transmitted to IBM.

c
Dial-out access from the Hardware Management Console Remote Support Facility (RSF) must be disabled for all classified systems.
CM-7 - High - CCI-001762 - V-256870 - SV-256870r1001085_rule
RMF Control
CM-7
Severity
High
CCI
CCI-001762
Version
HMC0035
Vuln IDs
  • V-256870
  • V-24398
Rule IDs
  • SV-256870r1001085_rule
  • SV-30081
This feature will not be activated for any classified systems. Allowing dial-out access from the Hardware Management Console could impact the integrity of the environment by enabling the possible introduction of spyware or other malicious code.
Checks: C-60545r890954_chk

Have the Systems Administrator or Systems Programmer validate that dial-out access from the Hardware Management Console is not activated for any classified systems. Note: This can be accomplished by going to the Customize Remote Service Panel on the Hardware Management Console and verifying that enable remote service is not enabled. If this is a classified system and enable remote service is enabled, then this is a FINDING.

Fix: F-60488r890955_fix

Have the Systems Administrator or Systems Programmer validate that dial-out access from the Hardware Management Console is not activated for any classified systems. Note: This can be accomplished by going to the Customize Remote Service Panel on the Hardware Management Console and verifying that enable remote service is not enabled.

b
Access to the Hardware Management Console must be restricted to only authorized personnel.
AC-6 - Medium - CCI-002227 - V-256871 - SV-256871r958726_rule
RMF Control
AC-6
Severity
Medium
CCI
CCI-002227
Version
HMC0040
Vuln IDs
  • V-256871
  • V-24349
Rule IDs
  • SV-256871r958726_rule
  • SV-30008
Access to the Hardware Management Console if not properly restricted to authorized personnel could lead to a bypass of security, access to the system, and an altering of the environment. This would result in a loss of secure operations and can cause an impact to data operating environment integrity.
Checks: C-60546r890957_chk

Verify that sign-on access to the Hardware Management Console is restricted to authorize personnel and that a DD2875 is on file for each user ID. Note: Sites must have a list of valid HMC users, indicating their USER IDs, Date of DD2875, and roles and responsibilities To display user roles chose User Profiles and then select the user for modification. View Task Roles and Manager Resources Roles. If each user displayed by the System Administrator does not have a DD2875, then this is a FINDING.

Fix: F-60489r890958_fix

The System Administrator will see that sign-on access to the Hardware Management Console is restricted to authorized personnel and that a DD2875 is on file for each user ID. Note: Sites must have a list of valid HMC users, indicating their USER IDs, Date of DD2875, and roles and responsibilities. The System Administrator must see that the list and users defined to the Hardware Management Console match.

b
Access to the Hardware Management Console (HMC) must be restricted by assigning users proper roles and responsibilities.
AC-6 - Medium - CCI-000225 - V-256872 - SV-256872r958472_rule
RMF Control
AC-6
Severity
Medium
CCI
CCI-000225
Version
HMC0045
Vuln IDs
  • V-256872
  • V-25386
Rule IDs
  • SV-256872r958472_rule
  • SV-31555
Access to the HMC if not properly controlled and restricted by assigning users proper roles and responsibilities, could allow modification to areas outside the need-to-know and abilities of the individual resulting in a bypass of security and an altering of the environment. This would result in a loss of secure operations and can cause an impact to data operating environment integrity.
Checks: C-60547r890960_chk

Have the System Administrator verify to the reviewer that the Roles and Responsibilities assigned are assigned to the proper individuals by their areas of responsibility. Note: Sites must have a list of valid HMC users, indicating their USERID, Date of DD2875, and roles and responsibilities. Have the System Administrator verify to the reviewer that the Roles and Responsibilities assigned are assigned to the proper individuals by their areas of responsibility. To display user roles chose User Profiles and then select the user for modification. View Task Roles and Manager Resources Roles. If the HMC user-IDs displayed by the System Administrator are not properly assigned by Roles and Responsibilities, then this is a FINDING.

Fix: F-60490r890961_fix

Have the System Administrator using the list user IDs and responsibilities, validate that each user is properly specified in the HMC based on his/her roles and responsibilities. Note: Sites must have a list of valid HMC users, indicating their USERID, Date of DD2785, roles and responsibilities To display user roles choose User Profiles and then select the user for modification. View Task Roles and Manager Roles.

b
Automatic Call Answering to the Hardware Management Console must be disabled.
AC-6 - Medium - CCI-002227 - V-256873 - SV-256873r958726_rule
RMF Control
AC-6
Severity
Medium
CCI
CCI-002227
Version
HMC0050
Vuln IDs
  • V-256873
  • V-24350
Rule IDs
  • SV-256873r958726_rule
  • SV-30013
Automatic Call Answering to the Hardware Management Console allows unrestricted access by unauthorized personnel and could lead to a bypass of security, access to the system, and an altering of the environment. This would result in a loss of secure operations and impact the integrity of the operating environment, files, and programs. Note: Dial-in access to the Hardware Management Console is prohibited. Also, many newer processors (e.g., zEC12/zBC12 processors) will not have modems. If there is no modem, this check is not applicable.
Checks: C-60548r890963_chk

Have the System Administrator verify if either the Enable Remote Operations parameter or the Automatic Call Answering parameter are active on the Enable Hardware Management Console Services panel. The Enable Remote Operations is found under Customize Remote Services and Automatic Call Answering is found under Customize Auto Answer Settings. If either of the above options are active, then this is a FINDING.

Fix: F-60491r890964_fix

The System Administrator must set dial-in facility to off. Do this by ensuring that both the Enable Remote Operations parameter and the Automatic Call Answering parameter are turned off. In Check Content: Enable Remote Operations is found under Customize Remote Services and Automatic Call Answering is found under Customize Auto Answer Settings.

b
The Hardware Management Console Event log must be active.
AU-12 - Medium - CCI-000169 - V-256874 - SV-256874r958442_rule
RMF Control
AU-12
Severity
Medium
CCI
CCI-000169
Version
HMC0070
Vuln IDs
  • V-256874
  • V-24352
Rule IDs
  • SV-256874r958442_rule
  • SV-30015
The Hardware Management Console controls the operation and availability of the Central Processor Complex (CPC). Failure to create and maintain the Hardware Management Console Event log could result in the lack of monitoring and accountability of CPC control activity.
Checks: C-60549r890966_chk

Verify on the Hardware Management Console that the Event log is in use. This is done by selecting the View Console Events panel under Console Actions. From this panel you can display: Console Information on EC Changes Console Service History displays HMC Problems Console Tasks Displays Last 2000 tasks performed on console View Licenses View LIC (Licensed Internal Code) View Security Logs tracks an object’s operational state, status, or settings change or involves user access to tasks, actions, and objects. If no Event log exists, this is a FINDING. If the Event log exists and is not collecting data, this is a FINDING.

Fix: F-60492r890967_fix

The System Administrator will activate the Hardware Management Console Event log and ensure that all tracking parameters are set. This is done by selecting the View Console Events panel under Console Actions. From this panel you can display: Console Information on EC Changes Console Service History displays HMC Problems Console Tasks Displays Last 2000 tasks performed on console View Licenses View LIC (Licensed Internal Code) View Security Logs tracks an object’s operational state, status, or settings change or involves user access to tasks, actions, and objects.

c
The manufacturer’s default passwords must be changed for all Hardware Management Console (HMC) Management software.
CM-6 - High - CCI-000366 - V-256875 - SV-256875r1001086_rule
RMF Control
CM-6
Severity
High
CCI
CCI-000366
Version
HMC0080
Vuln IDs
  • V-256875
  • V-24353
Rule IDs
  • SV-256875r1001086_rule
  • SV-30021
The changing of passwords from the HMC default values, blocks malicious users with knowledge of these default passwords, from creating a denial of service or from reconfiguring the HMC topology leading to a compromise of sensitive data. The system administrator will ensure that the manufacturer’s default passwords are changed for all HMC management software.
Checks: C-60550r890969_chk

Have the System Administrator logon to the HMC and validate that all default passwords have been changed. Go to task Modify User, select user, select Modify and enter and confirm new password. User ID Default Password • OPERATOR PASSWORD • ADVANCED PASSWORD • SYSPROG PASSWORD • ACSADMIN PASSWORD The System Administrator is to validate that each user has his/her own user ID and password and that sharing of user-IDs and passwords is not permitted. Default user IDs and passwords are established as part of a base HMC. The System Administrator must assign new user IDs and passwords for each user and remove the default user IDs as soon as the HMC is installed by using the User Profiles task or the Manage Users Wizard. If all the default passwords have not been changed, and each user is not assigned a separate user ID and password, then this is a FINDING

Fix: F-60493r890970_fix

The System Administrator must logon to the HMC and validate that all Default Passwords have been changed. User ID Default Password OPERATOR PASSWORD ADVANCED PASSWORD SYSPROG PASSWORD ACSADMIN PASSWORD Default user IDs and passwords are established as part of a base HMC. The System Administrator must assign new user IDs and passwords for each user and remove the default user IDs as soon as the HMC is installed by using the User Profiles task or the Manage Users Wizard. Go to task Modify User, select user, select Modify and enter and confirm new password.

b
Predefined task roles to the Hardware Management Console (HMC) must be specified to limit capabilities of individual users.
AC-3 - Medium - CCI-000213 - V-256876 - SV-256876r958472_rule
RMF Control
AC-3
Severity
Medium
CCI
CCI-000213
Version
HMC0090
Vuln IDs
  • V-256876
  • V-24354
Rule IDs
  • SV-256876r958472_rule
  • SV-30022
Individual task roles with access to specific resources if not created and restricted, will allow unrestricted access to system functions. The following is an example of some managed resource categories: Tasks are functions that a user can perform, and the managed resource role defines where those tasks might be carried out. The Access Administrator assigns a user ID and user roles to each user of the Hardware Management Console. • OPERATOR OPERATOR • ADVANCED ADVANCED OPERATOR • ACSADMIN ACCESS ADMINISTRTOR • SYSPROG SYSTEM PROGRAMMER • SERVICE SRVICE REPRESENTATIVE Failure to establish this environment may lead to uncontrolled access to system resources.
Checks: C-60551r890972_chk

Have the System Administrator display the user profiles and demonstrate that valid users are defined to valid roles and that authorities are restricted to the site list of users. Note: Sites must have a list of valid HMC users, indicating their USER IDs, Date of DD2875, and roles and responsibilities. To display user roles chose User Profiles and then select the user for modification. View Task Roles and Manager Resources Roles. If the different roles are not properly displayed or are not properly restricted, then this is a FINDING.

Fix: F-60494r890973_fix

The System Administrator must set up a list of Users Note: Sites must have a list of valid HMC users, indicating their USER IDs, Date of DD2875, and roles and responsibilities and these must match the users defined to the HMC. To display user roles chose User Profiles and then select the user for modification. View Task Roles and Manager Resources Roles.

b
Individual user accounts with passwords must be maintained for the Hardware Management Console operating system and application.
IA-1 - Medium - CCI-000760 - V-256877 - SV-256877r958482_rule
RMF Control
IA-1
Severity
Medium
CCI
CCI-000760
Version
HMC0100
Vuln IDs
  • V-256877
  • V-24355
Rule IDs
  • SV-256877r958482_rule
  • SV-30023
Without identification and authentication, unauthorized users could reconfigure the Hardware Management Console or disrupt its operation by logging in to the system or application and execute unauthorized commands. The System Administrator will ensure individual user accounts with passwords are set up and maintained for the Hardware Management Console.
Checks: C-60552r890975_chk

Have the System Administrator prove that individual USER IDs are specified for each user and DD2875 are on file for each user. If USERIDs are shared among multiple users and crresponding DD2875 forms do not exist for each user, then this is a FINDING.

Fix: F-60495r890976_fix

Have the System Administrator verify that all users of the Hardware Management Console are individually defined with USER IDs and passwords and that their roles and responsibilities are documented. Verify that a DD2875 exists for each USER ID.

b
The PASSWORD History Count value must be set to 10 or greater.
- Medium - CCI-004061 - V-256878 - SV-256878r998329_rule
RMF Control
Severity
Medium
CCI
CCI-004061
Version
HMC0110
Vuln IDs
  • V-256878
  • V-24356
Rule IDs
  • SV-256878r998329_rule
  • SV-30024
History Count specifies the number of previous passwords saved for each USERID and compares it with an intended new password. If there is a match with one of the previous passwords, or with the current password, it will reject the intended new password. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment.
Checks: C-60553r998327_chk

Have the system administrator (SA) display the Password Profile Task window on the Hardware Management Console and validate that the History Count is set to 10. If the History Count is less than 10, then this is a finding.

Fix: F-60496r998328_fix

Have the SA go into the Password Profile and set the History Count to 10 or greater.

b
The PASSWORD expiration day(s) value must be set to equal or less then 60 days.
- Medium - CCI-004066 - V-256879 - SV-256879r998332_rule
RMF Control
Severity
Medium
CCI
CCI-004066
Version
HMC0120
Vuln IDs
  • V-256879
  • V-24358
Rule IDs
  • SV-256879r998332_rule
  • SV-30026
Expiration Day(s) specifies the maximum number of days that each user's password is valid. When a user logs on to the Hardware Management Console it compares the system password interval value specified in the user profile and it uses the lower of the two values to determine if the user's, password has expired. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment.
Checks: C-60554r998330_chk

Have the system administrator (SA) display the Password Profile Task window on the Hardware Management Console and validate that the Expiration day(s) is set to equal or less than 60 days. If the expiration day(s) is set to equal or less then 60 days, this is not a finding. If the expiration day(s) is greater than 60 days, then this is a finding.

Fix: F-60497r998331_fix

Have the SA go into the Password Profile and set the Expiration day(s) to equal or less then 60 days.

b
Maximum failed password attempts before disable delay must be set to 3 or less.
AC-7 - Medium - CCI-000044 - V-256880 - SV-256880r958388_rule
RMF Control
AC-7
Severity
Medium
CCI
CCI-000044
Version
HMC0130
Vuln IDs
  • V-256880
  • V-24359
Rule IDs
  • SV-256880r958388_rule
  • SV-30027
The Maximum failed attempts before disable delay is not set to 3. This specifies the number of consecutive incorrect password attempts the Hardware Management Console allows as 3 times, before setting a 60-minute delay to attempt to retry the password. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. Note: The Hardware Management Console does not allow a revoke of a userID. A 60- minute delay time setting is being substituted.
Checks: C-60555r890984_chk

Have the System Administrator display the maximum failed attempts on the user properties table on the Hardware Management Console before disable delay is invoked. Maximum Failed Attempts and Disable Delay are found in User Profiles by selecting the user, selecting modify user and then selecting User Properties. If the Maximum failed attempts before disable delay is invoked is set at greater than 3, then this is a FINDING.

Fix: F-60498r890985_fix

The System Administrator will display the User Properties window on the Hardware Management Console for each user and verify that the maximum attempts before disable delay is set to 3 or less and will update them if this is not true. Maximum Failed Attempts and Disable Delay are found in User Profiles by selecting the user, selecting modify user and then selecting User Properties.

a
A maximum of 60-minute delay must be specified for the password retry after 3 failed attempts to enter your password
AC-7 - Low - CCI-002238 - V-256881 - SV-256881r958736_rule
RMF Control
AC-7
Severity
Low
CCI
CCI-002238
Version
HMC0135
Vuln IDs
  • V-256881
  • V-25404
Rule IDs
  • SV-256881r958736_rule
  • SV-31588
The Maximum failed attempts before disable delay is not set to 3. This specifies the number of consecutive incorrect password attempts the Hardware Management Console allows as 3 times, before setting a 60-minute delay to attempt to retry the password. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. Note: The Hardware Management Console does not allow a revoke of a user ID.A 60-minute delay time setting is being substituted.
Checks: C-60556r890987_chk

Have the System Administrator display the Disable delay in minutes. Disable Delay is found in User Profiles by selecting the user, selecting modify user and then selecting User Properties. If this is les than 60 minutes then this is a finding. Note: Hardware Management Console does not have the ability to revoke a user ID, so a 60-minute delay has been imposed instead.

Fix: F-60499r890988_fix

The System Administrator will display the User Properties window on the Hardware Management Console for each user and verify that the disable delay is set to 60 or more. Maximum Failed Attempts and Disable Delay are found in User Profiles by selecting the user, selecting modify user and then selecting User Properties.

b
The password values must be set to meet the requirements in accordance with DODI 8500.2 for DoD information systems processing sensitive information and above, and CJCSI 6510.01E (INFORMATION ASSURANCE [IA] AND COMPUTER NETWORK DEFENSE [CND]).
- Medium - CCI-004066 - V-256882 - SV-256882r998335_rule
RMF Control
Severity
Medium
CCI
CCI-004066
Version
HMC0140
Vuln IDs
  • V-256882
  • V-24360
Rule IDs
  • SV-256882r998335_rule
  • SV-30028
In accordance with DODI 8500.2 for DOD information systems processing sensitive information and above and CJCSI 6510.01E (INFORMATION ASSURANCE [IA] AND COMPUTER NETWORK DEFENSE [CND]). The following recommendations concerning password requirements are mandatory and apply equally to both classified and unclassified systems: (1) Passwords are to be 14 characters. (2) Passwords are to be a mix of uppercase, lowercase alphabetic, numeric, and special characters, including at least one of each. Special characters include the national characters (i.e., @, #, and $) and other nonalphabetic and nonnumeric characters typically found on a keyboard. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the Hardware Management Console control options introduces the possibility of exposure during the migration process or contingency plan activation.
Checks: C-60557r998333_chk

Have the system administrator (SA) display the Password Profile Task window on the Hardware Management Console and check that: Passwords are to be a minimum of 14 characters in length. Passwords are to be a mix of uppercase, lowercase alphabetic, numeric, and special characters, including at least one of each. Special characters include the national characters (i.e., @, #, and $) and other nonalphabetic and nonnumeric characters typically found on a keyboard. Each character of the password is to be unique, prohibiting the use of repeating characters. Passwords are to contain no consecutive characters (e.g., 12, AB, etc.). If the Password Profile does not have the specifications for the above options then this is a finding.

Fix: F-60500r998334_fix

Have the system administrator (SA) validate that the settings in the Password Profiles Window meet the following specifications: Passwords are a minimum of 14 characters in length. Passwords are to be a mix of uppercase, lowercase alphabetic, numeric, and special characters, including at least one of each. Special characters include the national characters (i.e., @, #, and $) and other non-alphabetic and non-numeric characters typically found on a keyboard. Each character of the password is to be unique, prohibiting the use of repeating characters. Passwords are to contain no consecutive characters (e.g., 12, AB, etc.).

b
The terminal or workstation must lock out after a maximum of 15 minutes of inactivity, requiring the account password to resume.
AC-11 - Medium - CCI-000057 - V-256883 - SV-256883r958402_rule
RMF Control
AC-11
Severity
Medium
CCI
CCI-000057
Version
HMC0150
Vuln IDs
  • V-256883
  • V-24361
Rule IDs
  • SV-256883r958402_rule
  • SV-30029
If the system, workstation, or terminal does not lock the session after more than15 minutes of inactivity, requiring a password to resume operations, the system or individual data could be compromised by an alert intruder who could exploit the oversight.
Checks: C-60558r890993_chk

Have the System Administrator display the User Properties window on the Hardware Management Console and check that the timeout minutes are set to a maximum of 15. If the Verify Timeout minutes are set to more than 15, then this is a FINDING.

Fix: F-60501r890994_fix

The System Administrator will display the User Properties window and will ensure that the Verify timeout minutes are set to a maximum of 15.

b
The Department of Defense (DoD) logon banner must be displayed prior to any login attempt.
AC-8 - Medium - CCI-000048 - V-256884 - SV-256884r958390_rule
RMF Control
AC-8
Severity
Medium
CCI
CCI-000048
Version
HMC0160
Vuln IDs
  • V-256884
  • V-24362
Rule IDs
  • SV-256884r958390_rule
  • SV-30030
Failure to display the required DoD logon banner prior to a login attempt may void legal proceedings resulting from unauthorized access to system resources and may leave the SA, IAO, IAM, and Installation Commander open to legal proceedings for not advising users that keystrokes are being audited.
Checks: C-60559r890996_chk

Have the reviewer verify that the logon banner reads as follows:on the Create Welcome Text window: STANDARD MANDATORY DOD NOTICE AND CONSENT BANNER You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions: -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. -At any time, the USG may inspect and seize data stored on this IS. -Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG authorized purpose. -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy. -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details. If any item in above is untrue, this is a FINDING.

Fix: F-60502r890997_fix

The System Administrator will update the logon banner by going to the Create Welcome Text Task to read as follows: STANDARD MANDATORY DOD NOTICE AND CONSENT BANNER You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions: -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. -At any time, the USG may inspect and seize data stored on this IS. -Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG authorized purpose. -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy. -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.

b
A private web server must subscribe to certificates, issued from any DOD-authorized Certificate Authority (CA), as an access control mechanism for web users.
- Medium - CCI-003992 - V-256885 - SV-256885r998338_rule
RMF Control
Severity
Medium
CCI
CCI-003992
Version
HMC0170
Vuln IDs
  • V-256885
  • V-24363
Rule IDs
  • SV-256885r998338_rule
  • SV-30031
If the Hardware Management Consoles (HMC) is network-connected, use SSL encryption techniques, through digital certificates to provide message privacy, message integrity and mutual authentication between clients and servers. To maintain data integrity the IBM Certificate distributed with the HMC's is to be replaced by a DOD-authorized Certificate. Note: This check applies only to network-connected HMCs.
Checks: C-60560r998336_chk

The System Reviewer will have the system administrator (SA) use the Hardware Management Console Certificate Management Task to validate that the private key and certificate shipped with any network-connected HMC from IBM was replaced with an approved DOD-authorized Certificate. Note: This check applies only to network-connected HMCs. Note: DOD certificates should display the following Information: 'OU=PKI.OU=DoD.O=U.S. Government.C=US' If private web server does not subscribe to certificates issued from any DOD-authorized Certificate Authority (CA) as an access control mechanism for web users, this is a finding.

Fix: F-60503r998337_fix

The SA must order a DOD PKI to replace the IBM Certificate and then use the Hardware Management Console Certificate Management Task to install it. Note: This only applies to networked HMCs.

b
Hardware Management Console audit record content data must be backed up.
AU-9 - Medium - CCI-001348 - V-256886 - SV-256886r958754_rule
RMF Control
AU-9
Severity
Medium
CCI
CCI-001348
Version
HMC0180
Vuln IDs
  • V-256886
  • V-24364
Rule IDs
  • SV-256886r958754_rule
  • SV-30032
The Hardware Management Console has the ability to backup and display the following data: 1) Critical console data 2) Critical hard disk information 3) Backup of critical CPC data and 4) Security Logs. Failure to backup and archive the listed data could make auditing of system incidents and history unavailable and could impact recovery for failed components.
Checks: C-60561r891002_chk

Have the System Administrator produce a log by date validating that backups are being performed for Security logs and Critical console data on a routine scheduled basis (e.g., daily, weekly, monthly, quarterly, annually) and copies are rotated to off site storage. Compare the list of backups made to a physical inventory of storage media to verify that HMC backups are being retained as expected. If backups are either not being made, or there are obvious gaps in storage and retention of the backups, this is a finding.

Fix: F-60504r891003_fix

The System Administrator will see that a log exists to verify that backups are being performed. This list will have the date and reason for the backup. Backup security logs. This task will archive a security log for the console. The backup critical console data backs up the data that is stored on your Hardware Management Console hard disk and is critical to support Hardware Management Console operations. You should back up the Hardware Management Console data after changes have been made to the Hardware Management Console or to the information associated with the processor cluster. Information associated with processor cluster changes is usually information that you are able to modify or add to the Hardware Management Console hard disk. Association of an activation profile to an object, the definition of a group, hardware configuration data, and receiving internal code changes are examples of modifying and adding information, respectively. Use this task after customizing your processor cluster in any way. A backup copy of hard disk information may be restored to your Hardware Management Console following the repair or replacement of the fixed disk.

b
Audit records content must contain valid information to allow for proper incident reporting.
AU-3 - Medium - CCI-000130 - V-256887 - SV-256887r958412_rule
RMF Control
AU-3
Severity
Medium
CCI
CCI-000130
Version
HMC0185
Vuln IDs
  • V-256887
  • V-25387
Rule IDs
  • SV-256887r958412_rule
  • SV-31556
The content of audit data must validate that the information contains: User IDs Successful and unsuccessful attempts to access security files (e.g., audit records, password files, access control files, etc) Date and time of the event Type of event Success or failure of event Successful and unsuccessful logons Denial of access resulting from excessive number of logon attempts Failure to not contain this information may hamper attempts to trace events and not allow proper tracking of incidents during a forensic investigation
Checks: C-60562r891005_chk

Have the System Administrator validate the audit records contain valid information to allow for a proper incident tracking. Use the View Console Events task to display contents of security logs. Use the View Console Events task to view security logs and validate that it has the following information: User IDs Successful and unsuccessful attempts to access security files (e.g., audit records, password files, access control files, etc) Date and time of the event Type of event Success or failure of event Successful and unsuccessful logons Denial of access resulting from excessive number of logon attempts

Fix: F-60505r891006_fix

Have the System Administrator check the content of audit records. Use the View Console Events task to view security logs and validate that it has the following information: User IDs Successful and unsuccessful attempts to access security files (e.g., audit records, password files, access control files, etc) Date and time of the event Type of event Success or failure of event Successful and unsuccessful logons Denial of access resulting from excessive number of logon attempts

b
Hardware Management Console management must be accomplished by using the out-of-band or direct connection method.
AC-17 - Medium - CCI-001453 - V-256888 - SV-256888r991589_rule
RMF Control
AC-17
Severity
Medium
CCI
CCI-001453
Version
HMC0200
Vuln IDs
  • V-256888
  • V-24373
Rule IDs
  • SV-256888r991589_rule
  • SV-30043
Removing the management traffic from the production network diminishes the security profile of the Hardware Management Console servers by allowing all the management ports to be closed on the production network. The System Administrator will ensure that Hardware Management Console management is accomplished using the out-of-band or direct connection method.
Checks: C-60563r891008_chk

The System Administrator will validate that the Hardware Management Console management connection will use TCP/IP with encryption on an out-of-band network. If the Hardware Management Console management connection does not use TCP/IP with encryption on an out-of-band network then this is a FINDING.

Fix: F-60506r891009_fix

The System Administrator will work with the NSO to see that the Hardware Management Console management is set up with encryption on an out-of band network.

c
Product engineering access to the Hardware Management Console must be disabled.
AC-6 - High - CCI-002235 - V-256889 - SV-256889r958726_rule
RMF Control
AC-6
Severity
High
CCI
CCI-002235
Version
HMC0210
Vuln IDs
  • V-256889
  • V-25388
Rule IDs
  • SV-256889r958726_rule
  • SV-31558
The Hardware Management Console has a built-in feature that allows Product Engineers access to the console. With access authority, IBM Product Engineering can log on the Hardware Management Console with an exclusive user identification (ID) that provides tasks and operations for problem determination. Product Engineering access is provided by a reserved password and permanent user ID. You cannot view, discard, or change the password and user ID, but you can control their use for accessing the Hardware Management Console. User IDs and passwords that are hard-coded and cannot be modified are a violation of NIST 800-53 and multiple other compliance regulations. Failure to disable this access would allow unauthorized access and could lead to security violations on the HMC.
Checks: C-60564r891011_chk

Have the System Administrator or System Programmer validate that IBM Product Engineering access to the Hardware Management Console is disabled. This can be checked under the classic style user interface; this task is found under the Hardware Management Console Settings console action. Open the Customize Product Engineering Access task. The Customize Product Engineering Access window is displayed. Select the appropriate accesses for product engineering or remote product engineering. (Both should be disabled.) Click OK to save the changes and exit the task. If access to the Customize Product Engineering Access is not disabled, than this is a finding.

Fix: F-60507r891012_fix

The System Administrator or System Programmer will set the Product Engineering Access control for product engineering or remote product engineering to a disabled status. This can be checked under the classic style user interface; this task is found under the Hardware Management Console Settings console action. Open the Customize Product Engineering Access task. The Customize Product Engineering Access window is displayed. Select the appropriate accesses for product engineering or remote product engineering. (Both should be disabled) Click OK to save the changes and exit the task.

c
Connection to the Internet for IBM remote support must be in compliance with the Remote Access STIGs.
CM-6 - High - CCI-000366 - V-256890 - SV-256890r991589_rule
RMF Control
CM-6
Severity
High
CCI
CCI-000366
Version
HMC0220
Vuln IDs
  • V-256890
  • V-25400
Rule IDs
  • SV-256890r991589_rule
  • SV-31580
Failure to securely connect to remote sites can leave systems open to multiple attacks and security violations through the network. Failure to securely implement remote support connections can lead to unauthorized access or denial of service attacks on the Hardware Management Console.
Checks: C-60565r891014_chk

Have the Network Security Engineer or system Programmer check, that the remote Internet connection for IBM RSF support has met the requirements of the Remote Access STIGs. For controls that are a part of IBM’s closed system that cannot be updated or changed by customers, review provided documentation, such as found in the HMC Broadband Support manuals or a letter of Attestation provided by IBM assuring compliance. If the security measures in the Remote Access STIGs are not fully compliant and there is no supporting documentation or Letter of attestation on file with the IAM/IAO this is a finding.

Fix: F-60508r891015_fix

The Network Security Officer or System Programmer should make any changes required for IBM RSF to meet the requirements stipulated in the Remote Access STIGs. Also any documentation or letters of Attestation should be placed on file with the IAM/IAO. The letter of attestation must be signed by an authorized representative of IBM. The letter should contain certification that the security measures identified in the Remote Access STIGs are in compliance.

c
Connection to the Internet for IBM remote support must be in compliance with mitigations specified in the Ports and Protocols and Services Management (PPSM) requirements.
CM-6 - High - CCI-000366 - V-256891 - SV-256891r991589_rule
RMF Control
CM-6
Severity
High
CCI
CCI-000366
Version
HMC0225
Vuln IDs
  • V-256891
  • V-25405
Rule IDs
  • SV-256891r991589_rule
  • SV-31589
Failure to securely connect to remote sites can leave systems open to multiple attacks and security violations through the network. Failure to securely implement remote support connections can lead to unauthorized access or denial of service attacks on theHardware Management Console.
Checks: C-60566r891017_chk

Have the Network Security Engineer check, that the remote Internet connection for IBM RSF support has met the mitigations outlined in Vulnerability Analysis for port 443/SSL in the PPSM requirements.

Fix: F-60509r891018_fix

Have the Network Security Officer validate that the Internet connection meets the specifications in the PPSM requirements.