IBM Hardware Management Console (HMC) Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Individual user accounts with passwords must be maintained for the Hardware Management Console operating system and application.
<VulnDiscussion>Without identification and authentication, unauthorized users could reconfigure the Hardware Management Console or disrupt it...Rule Medium Severity -
SRG-OS-000077-GPOS-00045
<GroupDescription></GroupDescription>Group -
The PASSWORD History Count value must be set to 10 or greater.
<VulnDiscussion>History Count specifies the number of previous passwords saved for each USERID and compares it with an intended new password....Rule Medium Severity -
SRG-OS-000076-GPOS-00044
<GroupDescription></GroupDescription>Group -
The PASSWORD expiration day(s) value must be set to equal or less then 60 days.
<VulnDiscussion>Expiration Day(s) specifies the maximum number of days that each user's password is valid. When a user logs on to the Hardwar...Rule Medium Severity -
SRG-OS-000021-GPOS-00005
<GroupDescription></GroupDescription>Group -
A private web server must subscribe to certificates, issued from any DOD-authorized Certificate Authority (CA), as an access control mechanism for web users.
<VulnDiscussion>If the Hardware Management Consoles (HMC) is network-connected, use SSL encryption techniques, through digital certificates t...Rule Medium Severity -
Maximum failed password attempts before disable delay must be set to 3 or less.
<VulnDiscussion>The Maximum failed attempts before disable delay is not set to 3. This specifies the number of consecutive incorrect password...Rule Medium Severity -
SRG-OS-000329-GPOS-00128
<GroupDescription></GroupDescription>Group -
A maximum of 60-minute delay must be specified for the password retry after 3 failed attempts to enter your password
<VulnDiscussion>The Maximum failed attempts before disable delay is not set to 3. This specifies the number of consecutive incorrect password...Rule Low Severity -
SRG-OS-000069-GPOS-00037
<GroupDescription></GroupDescription>Group -
The password values must be set to meet the requirements in accordance with DODI 8500.2 for DoD information systems processing sensitive information and above, and CJCSI 6510.01E (INFORMATION ASSURANCE [IA] AND COMPUTER NETWORK DEFENSE [CND]).
<VulnDiscussion>In accordance with DODI 8500.2 for DOD information systems processing sensitive information and above and CJCSI 6510.01E (INF...Rule Medium Severity -
SRG-OS-000029-GPOS-00010
<GroupDescription></GroupDescription>Group -
The terminal or workstation must lock out after a maximum of 15 minutes of inactivity, requiring the account password to resume.
<VulnDiscussion>If the system, workstation, or terminal does not lock the session after more than15 minutes of inactivity, requiring a passwo...Rule Medium Severity -
SRG-OS-000023-GPOS-00006
<GroupDescription></GroupDescription>Group -
The Department of Defense (DoD) logon banner must be displayed prior to any login attempt.
<VulnDiscussion>Failure to display the required DoD logon banner prior to a login attempt may void legal proceedings resulting from unauthori...Rule Medium Severity -
SRG-OS-000366-GPOS-00153
<GroupDescription></GroupDescription>Group -
SRG-OS-000342-GPOS-00133
<GroupDescription></GroupDescription>Group -
Audit records content must contain valid information to allow for proper incident reporting.
<VulnDiscussion>The content of audit data must validate that the information contains: User IDs Successful and unsuccessful attempts to acc...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.