IBM Hardware Management Console (HMC) STIG
Rules, Groups, and Values defined within the XCCDF Benchmark
-
HMC0040
<GroupDescription></GroupDescription>Group -
HLESC020
<GroupDescription></GroupDescription>Group -
Sign-on to the ESCD Application Console must be restricted to only authorized personnel.
<VulnDiscussion>The ESCD Application Console is used to add, change, and delete port configurations and to dynamically switch paths between d...Rule Medium Severity -
HLESC030
<GroupDescription></GroupDescription>Group -
The ESCON Director Application Console Event log must be enabled.
<VulnDiscussion>The ESCON Director Console Event Log is used to record all ESCON Director Changes. Failure to create an ESCON Director Applic...Rule High Severity -
HLESC080
<GroupDescription></GroupDescription>Group -
The Distributed Console Access Facility (DCAF) Console must be restricted to only authorized personnel.
<VulnDiscussion>The DCAF Console enables an operator to access the ESCON Director Application remotely. Access to a DCAF Console by unauthori...Rule Medium Severity -
HMC0010
<GroupDescription></GroupDescription>Group -
The Hardware Management Console must be located in a secure location.
<VulnDiscussion>The Hardware Management Console is used to perform Initial Program Load (IPLs) and control the Processor Resource/System Mana...Rule High Severity -
HMC0030
<GroupDescription></GroupDescription>Group -
Dial-out access from the Hardware Management Console Remote Support Facility (RSF) must be restricted to an authorized vendor site.
<VulnDiscussion>Dial-out access from the Hardware Management Console could impact the integrity of the environment, by enabling the possible ...Rule Medium Severity -
Access to the Hardware Management Console must be restricted to only authorized personnel.
<VulnDiscussion>Access to the Hardware Management Console if not properly restricted to authorized personnel could lead to a bypass of securi...Rule Medium Severity -
HMC0050
<GroupDescription></GroupDescription>Group -
Automatic Call Answering to the Hardware Management Console must be disabled.
<VulnDiscussion>Automatic Call Answering to the Hardware Management Console allows unrestricted access by unauthorized personnel and could le...Rule Medium Severity -
HMC0070
<GroupDescription></GroupDescription>Group -
The Hardware Management Console Event log must be active.
<VulnDiscussion>The Hardware Management Console controls the operation and availability of the Central Processor Complex (CPC). Failure to cr...Rule Medium Severity -
HMC0080
<GroupDescription></GroupDescription>Group -
Unauthorized partitions must not exist on the system complex.
<VulnDiscussion>The running of unauthorized Logical Partitions (LPARs) could allow a “Trojan horse” version of the operating environment to b...Rule Medium Severity -
HLP0020
<GroupDescription></GroupDescription>Group -
On Classified Systems, Logical Partition must be restricted with read/write access to only its own IOCDS.
<VulnDiscussion>Unrestricted control over the IOCDS files could result in unauthorized updates and impact the configuration of the environmen...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.