IBM zVM Using CA VM:Secure Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The IBM z/VM Portmapper server virtual machine userID must be included in the AUTOLOG statement of the TCP/IP server configuration file.
Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. Bidirectional authentication provides stronger safeguards to validate the...Rule Medium Severity -
CA VM:Secure product MANAGE command must be restricted to system administrators.
Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which...Rule Medium Severity -
The IBM z/VM TCP/IP SECUREDATA option for FTP must be set to REQUIRED.
Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, for example, during aggregation, at protocol transformation points, and during pa...Rule Medium Severity -
IBM z/VM TCP/IP config file INTERNALCLIENTPARMS statement must be properly configured.
Remote access services, such as those providing remote access to network devices and information systems, which lack automated control capabilities, increase risk and make remote user access manage...Rule Medium Severity -
The IBM z/VM TCP/IP SECURETELNETCLIENT option for telnet must be set to YES.
Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, for example, during aggregation, at protocol transformation points, and during pa...Rule Medium Severity -
The IBM z/VM Privilege Class F must be restricted to service representatives and system administrators only.
Preventing non-privileged users from executing privileged functions mitigates the risk that unauthorized individuals or processes may gain unnecessary access to information or privileges. Privileg...Rule Medium Severity -
CA VM:Secure product VMXRPI configuration file must be restricted to authorized personnel.
Configuring the operating system to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security ba...Rule Medium Severity -
CA VM:Secure product CONFIG file must be restricted to appropriate personnel.
Configuration settings are the set of parameters that can be changed in hardware, software, or firmware components of the system that affect the security posture and/or functionality of the system....Rule Medium Severity -
CA VM:Secure Product SFS configuration file must be restricted to appropriate personnel.
Configuring the operating system to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security ba...Rule Medium Severity -
The IBM z/VM System administrator must develop a notification routine for account management.
Information system accounts are utilized for identifying individual users or for identifying the operating system processes themselves. In order to detect and respond to events affecting user acces...Rule Medium Severity -
The IBM z/VM system administrator must develop routines and processes for the proper configuration and maintenance of Software.
Proper configuration management procedures for information systems provide for the proper configuration and maintenance in accordance with local policies restrictions and/or rules. Failure to prope...Rule Medium Severity -
IBM z/VM system administrator must develop procedures to manually control temporary, interactive, and emergency accounts.
Proper handling of temporary, inactive, and emergency accounts require automatic notification and action rather than at the convenience of the systems administrator. However in the absence of autom...Rule Medium Severity -
The IBM z/VM system administrator must develop and perform a procedure to validate the correct operation of security functions.
Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmwar...Rule Medium Severity -
The IBM z/VM TCP/IP DOMAINLOOKUP statement must be properly configured.
If data origin authentication and data integrity verification are not performed, the resultant response could be forged, it may have come from a poisoned cache, the packets could have been intercep...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.