Dial-out access from the Hardware Management Console Remote Support Facility (RSF) must be restricted to an authorized vendor site.
An XCCDF Rule
Description
<VulnDiscussion>Dial-out access from the Hardware Management Console could impact the integrity of the environment, by enabling the possible introduction of spyware or other malicious code. It is important to note that it should be properly configured to only go to an authorized vendor site. Note: This feature will be activated for Non-Classified Systems only. Also, many newer processors (e.g., zEC12/zBC12 processors) will not have modems. If there is no modem, this check is not applicable.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility>System Administrator</Responsibility><Responsibility>Security Manager</Responsibility><Responsibility>Systems Programmer</Responsibility><IAControls>EBRP-1, EBRU-1</IAControls>
- ID
- SV-30007r3_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
When this feature is turned on for non-classified systems, the site must verify that the remote site information is valid.
The RSF, which is also commonly referred to as call home, is one of the key components that contributes to zero downtime on System z hardware.
The Hardware Management Console RSF provides communication to an IBM support network, known as RETAIN for hardware problem reporting and service.
When a Hardware Management Console enables RSF, the Hardware Management Console then becomes a call home server.