Skip to content

Product engineering access to the Hardware Management Console must be disabled.

An XCCDF Rule

Description

<VulnDiscussion>The Hardware Management Console has a built-in feature that allows Product Engineers access to the console. With access authority, IBM Product Engineering can log on the Hardware Management Console with an exclusive user identification (ID) that provides tasks and operations for problem determination. Product Engineering access is provided by a reserved password and permanent user ID. You cannot view, discard, or change the password and user ID, but you can control their use for accessing the Hardware Management Console. User IDs and passwords that are hard-coded and cannot be modified are a violation of NIST 800-53 and multiple other compliance regulations. Failure to disable this access would allow unauthorized access and could lead to security violations on the HMC.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-256889r958726_rule
Severity
High
References
Updated



Remediation - Manual Procedure

The System Administrator or System Programmer will set the
Product Engineering Access control for product engineering or remote product engineering to a disabled status.

This can be checked under the classic style user interface; this task is found under the Hardware Management Console Settings console action.
Open the Customize Product Engineering Access task. The Customize Product Engineering Access window is displayed. 
Select the appropriate accesses for product engineering or remote product engineering. (Both should be disabled)