IBM Hardware Management Console (HMC) Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
Audit records content must contain valid information to allow for proper incident reporting.
The content of audit data must validate that the information contains: User IDs; successful and unsuccessful attempts to access security files (e.g., audit records, password files, access control ...
Rule, Medium Severity
Hardware Management Console management must be accomplished by using the out-of-band or direct connection method.
Removing the management traffic from the production network diminishes the security profile of the Hardware Management Console servers by allowing all the management ports to be closed on the produ...
Rule, Medium Severity
Product engineering access to the Hardware Management Console must be disabled.
The Hardware Management Console has a built-in feature that allows Product Engineers access to the console. With access authority, IBM Product Engineering can log on the Hardware Management Console...
Rule, High Severity
Connection to the Internet for IBM remote support must be in compliance with the Remote Access STIGs.
Failure to securely connect to remote sites can leave systems open to multiple attacks and security violations through the network. Failure to securely implement remote support connections can lead...
Rule, High Severity
Connection to the Internet for IBM remote support must be in compliance with mitigations specified in the Ports and Protocols and Services Management (PPSM) requirements.
Failure to securely connect to remote sites can leave systems open to multiple attacks and security violations through the network. Failure to securely implement remote support connections can lead...
Rule, High Severity
On Classified Systems, Logical Partition must be restricted with read/write access to only its own IOCDS.
Unrestricted control over the IOCDS files could result in unauthorized updates and impact the configuration of the environment by allowing unauthorized access to a restricted resource. This could s...
Rule, Medium Severity
SRG-OS-000324-GPOS-00125
Group
SRG-OS-000062-GPOS-00031
Group
The ESCON Director Application Console Event log must be enabled.
The ESCON Director Console Event Log is used to record all ESCON Director Changes. Failure to create an ESCON Director Application Console Event log results in the lack of monitoring and accountabi...
Rule, High Severity
SRG-OS-000324-GPOS-00125
Group
The Distributed Console Access Facility (DCAF) Console must be restricted to only authorized personnel.
The DCAF Console enables an operator to access the ESCON Director Application remotely. Access to a DCAF Console by unauthorized personnel could result in varying of ESCON Directors online or offli...
Rule, Medium Severity
SRG-OS-000104-GPOS-00051
Group
DCAF Console access must require a password to be entered by each user.
The DCAF Console enables an operator to access the ESCON Director Application remotely. Access to a DCAF Console by unauthorized personnel could result in varying of ESCON Directors online or offli...
Rule, Medium Severity
SRG-OS-000480-GPOS-00227
Group
Unauthorized partitions must not exist on the system complex.
The running of unauthorized Logical Partitions (LPARs) could allow a “Trojan horse” version of the operating environment to be introduced into the system complex. This could impact the integrity of...
Rule, Medium Severity
SRG-OS-000080-GPOS-00048
Group
SRG-OS-000480-GPOS-00227
Group
Dial-out access from the Hardware Management Console Remote Support Facility (RSF) must be disabled for all classified systems.
This feature will not be activated for any classified systems. Allowing dial-out access from the Hardware Management Console could impact the integrity of the environment by enabling the possible i...
Rule, High Severity
SRG-OS-000324-GPOS-00125
Group
Access to the Hardware Management Console must be restricted to only authorized personnel.
Access to the Hardware Management Console if not properly restricted to authorized personnel could lead to a bypass of security, access to the system, and an altering of the environment. This would...
Rule, Medium Severity