IBM Hardware Management Console (HMC) Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
On Classified Systems the Processor Resource/Systems Manager (PR/SM) must not allow access to system complex data.
<VulnDiscussion>Allowing unrestricted access to all Logical Partition data could result in the possibility of unauthorized access and updatin...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
<GroupDescription></GroupDescription>Group -
Central processors must be restricted for classified/restricted Logical Partitions (LPARs).
<VulnDiscussion>Allowing unrestricted access to classified processors for all LPARs could cause the corruption and loss of classified data se...Rule High Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The Hardware Management Console must be located in a secure location.
<VulnDiscussion>The Hardware Management Console is used to perform Initial Program Load (IPLs) and control the Processor Resource/System Mana...Rule High Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
Hardware Management Console audit record content data must be backed up.
<VulnDiscussion>The Hardware Management Console has the ability to backup and display the following data: 1) Critical console data 2) Critica...Rule Medium Severity -
SRG-OS-000037-GPOS-00015
<GroupDescription></GroupDescription>Group -
SRG-OS-000080-GPOS-00048
<GroupDescription></GroupDescription>Group -
Processor Resource/Systems Manager (PR/SM) must not allow unrestricted issuing of control program commands.
<VulnDiscussion>Unrestricted control over the issuing of system commands by a Logical Partition could result in unauthorized data access and ...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
<GroupDescription></GroupDescription>Group -
Classified Logical Partition (LPAR) channel paths must be restricted.
<VulnDiscussion>Restricted LPAR channel paths are necessary to ensure data integrity. Unrestricted LPAR channel path access could result in a...Rule High Severity -
SRG-OS-000080-GPOS-00048
<GroupDescription></GroupDescription>Group -
On Classified Systems, Logical Partition must be restricted with read/write access to only its own IOCDS.
<VulnDiscussion>Unrestricted control over the IOCDS files could result in unauthorized updates and impact the configuration of the environmen...Rule Medium Severity -
SRG-OS-000324-GPOS-00125
<GroupDescription></GroupDescription>Group -
Sign-on to the ESCD Application Console must be restricted to only authorized personnel.
<VulnDiscussion>The ESCD Application Console is used to add, change, and delete port configurations and to dynamically switch paths between d...Rule Medium Severity -
SRG-OS-000062-GPOS-00031
<GroupDescription></GroupDescription>Group -
The ESCON Director Application Console Event log must be enabled.
<VulnDiscussion>The ESCON Director Console Event Log is used to record all ESCON Director Changes. Failure to create an ESCON Director Applic...Rule High Severity -
SRG-OS-000324-GPOS-00125
<GroupDescription></GroupDescription>Group -
The Distributed Console Access Facility (DCAF) Console must be restricted to only authorized personnel.
<VulnDiscussion>The DCAF Console enables an operator to access the ESCON Director Application remotely. Access to a DCAF Console by unauthori...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.