Cyber · Trackr The Free Compliance Library
⌘K
DoD Compliance · STIG

IBM Hardware Management Console (HMC) STIG Policies

V1R2 · · · Released 20 Jan 2015 · 4 rules
Compare

Pick two releases to diff their requirements.

View

Open a previous version of this STIG.

Policy and Documentation Vulnerabilities for IBM Hardware Management Console (HMC).
Digest of Updates vs. V1R2 · 20 Jan 2015 No substantive changes

Comparison against the immediately-prior release (V1R2). Rule matching uses the Group Vuln ID. Content-change detection compares the rule’s description, check, and fix text after stripping inline markup — cosmetic-only edits aren’t flagged.

No substantive changes detected against the previous release. 4 rules matched cleanly.

Sort by
a
Initial Program Load (IPL) Procedures must exists for each partition defined to the system.
PE-1 - Low - CCI-000904 - V-24841 - SV-30530r1_rule
RMF Control
PE-1
Severity
L
CCI
CCI-000904
Version
HMCP0010
Vuln IDs
  • V-24841
Rule IDs
  • SV-30530r1_rule
If procedures for performing IPLs are not in place, it is extremely difficult to ensure overall operating system integrity.System AdministratorInformation Assurance OfficerInformation Assurance ManagerSystems ProgrammerCOTR-1
Checks: C-30867r1_chk

Have the Systems Administrator validate that IPL Procedures Documentation exists for all partitions that are defined on the system. Using the Hardware Management Console, do the following: 1) Access CPC Images Group displays. (This will list the LPARs.) 2) Compare the partition names listed on the Partition Page to validate that IPL procedures exist for each entered on the Central Processor Complex Domain/LPAR Names. If IPL Procedures do not exist for each partition, this is a FINDING.

Fix: F-27488r1_fix

Create or refine procedures for performing IPLs for the LPARs/partitions defined on the system.

a
Power On Reset (POR) Procedures must be documented for each system.
PE-1 - Low - CCI-000904 - V-24842 - SV-30531r1_rule
RMF Control
PE-1
Severity
L
CCI
CCI-000904
Version
HMCP0110
Vuln IDs
  • V-24842
Rule IDs
  • SV-30531r1_rule
If procedures for performing PORs are not in place, it is extremely difficult to ensure overall operating system integritySystem AdministratorInformation Assurance OfficerInformation Assurance ManagerSystems ProgrammerCOTR-1
Checks: C-30869r1_chk

Review the POR procedures with the System Administrator. Review documentation for completeness and accuracy. If no documentation exists, this is a FINDING

Fix: F-27489r1_fix

Create or refine procedures for performing PORs.

a
System shutdown procedures documentation must exist for each partition defined to the system.
PE-1 - Low - CCI-000904 - V-24843 - SV-30532r1_rule
RMF Control
PE-1
Severity
L
CCI
CCI-000904
Version
HMCP0120
Vuln IDs
  • V-24843
Rule IDs
  • SV-30532r1_rule
If procedures for performing system shutdowns are not in place, it is extremely difficult to ensure overall data and operating system integrity.System AdministratorInformation Assurance OfficerInformation Assurance ManagerSystems ProgrammerCOTR-1
Checks: C-30870r1_chk

Have the System Administrator validate that System Shutdown Documentation exists for all partitions that are defined on the system. a) Using the Hardware Management Console, do the following: 1) Access CPC Images Group displays. (This will list the LPARs.) 2) Compare the partition names listed on the Partition Page to validate that System Shutdown procedures exist for each entered on the Central Processor Complex Domain/LPAR Names. If System Shutdown Procedures do not exist for each partition, this is a FINDING.

Fix: F-27490r1_fix

Create or refine procedures for performing system shutdowns for each partition.

b
Backup of critical data for the HMC and its components must be documented and tracked
CP-9 - Medium - CCI-000537 - V-24844 - SV-30533r1_rule
RMF Control
CP-9
Severity
M
CCI
CCI-000537
Version
HMCP0130
Vuln IDs
  • V-24844
Rule IDs
  • SV-30533r1_rule
If procedures for performing backup and recovery of critical data for the HMC is not in place, system recoverability may be jeopardized and overall security compromised.System AdministratorInformation Assurance OfficerInformation Assurance ManagerSystems ProgrammerCOTR-1
Checks: C-30871r1_chk

Review the documentation for backup of critical data for a HMC with the System Administrator. Review documentation for completeness and accuracy. If no documentation exists, this is a FINDING.

Fix: F-27491r1_fix

Verify that procedures for backup of the critical data for the HMCs are properly documented. If not, create Backup Procedures documentation. CPC data should be backed-up when configuration or CPC- licensed internal code changes have been made or as a routine preventive maintenance procedure.