IBM Hardware Management Console (HMC) Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The Enterprise System Connection (ESCON) Director (ESCD) Application Console must be located in a secure location
The ESCD Application Console is used to add, change, and delete port configurations and dynamically switch paths between devices. If the ESCON Director Application Console is not located in a secur...Rule High Severity -
Sign-on to the ESCD Application Console must be restricted to only authorized personnel.
The ESCD Application Console is used to add, change, and delete port configurations and to dynamically switch paths between devices. Access to the ESCD Application Console is restricted to three cl...Rule Medium Severity -
Classified Logical Partition (LPAR) channel paths must be restricted.
Restricted LPAR channel paths are necessary to ensure data integrity. Unrestricted LPAR channel path access could result in a compromise of data integrity. When a classified LPAR exists on a mainfr...Rule High Severity -
Central processors must be restricted for classified/restricted Logical Partitions (LPARs).
Allowing unrestricted access to classified processors for all LPARs could cause the corruption and loss of classified data sets, which could compromise classified processing.Rule High Severity -
The Hardware Management Console must be located in a secure location.
The Hardware Management Console is used to perform Initial Program Load (IPLs) and control the Processor Resource/System Manager (PR/SM). If the Hardware Management Console is not located in a secu...Rule High Severity -
Dial-out access from the Hardware Management Console Remote Support Facility (RSF) must be restricted to an authorized vendor site.
Dial-out access from the Hardware Management Console could impact the integrity of the environment, by enabling the possible introduction of spyware or other malicious code. It is important to note...Rule Medium Severity -
Predefined task roles to the Hardware Management Console (HMC) must be specified to limit capabilities of individual users.
Individual task roles with access to specific resources if not created and restricted, will allow unrestricted access to system functions. The following is an example of some managed resource categ...Rule Medium Severity -
Maximum failed password attempts before disable delay must be set to 3 or less.
The Maximum failed attempts before disable delay is not set to 3. This specifies the number of consecutive incorrect password attempts the Hardware Management Console allows as 3 times, before sett...Rule Medium Severity -
A maximum of 60-minute delay must be specified for the password retry after 3 failed attempts to enter your password
The Maximum failed attempts before disable delay is not set to 3. This specifies the number of consecutive incorrect password attempts the Hardware Management Console allows as 3 times, before sett...Rule Low Severity -
Hardware Management Console audit record content data must be backed up.
The Hardware Management Console has the ability to backup and display the following data: 1) Critical console data 2) Critical hard disk information 3) Backup of critical CPC data and 4) Security L...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.