Access to the Hardware Management Console must be restricted to only authorized personnel.

An XCCDF Rule

Description

<VulnDiscussion>Access to the Hardware Management Console if not properly restricted to authorized personnel could lead to a bypass of security, access to the system, and an altering of the environment. This would result in a loss of secure operations and can cause an impact to data operating environment integrity.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-256871r958726_rule
Severity: Medium
References: CCI-002227 CCI-002235
Updated: 17 days ago

The System Administrator will see that sign-on access to the Hardware Management Console is restricted to authorized personnel and that a DD2875 is on file for each user ID. 

Note: Sites must have a list of valid HMC users, indicating their USER IDs, Date of DD2875, and roles and responsibilities.

The System Administrator must see that the list and users defined to the Hardware Management Console match.

Access to the Hardware Management Console must be restricted to only authorized personnel.

Description

Remediation - Manual Procedure