Skip to content

A private web server must subscribe to certificates, issued from any DoD-authorized Certificate Authority, as an access control mechanism for web users.

An XCCDF Rule

Description

<VulnDiscussion>If the Hardware Management Consoles (HMC) is network-connected, use SSL encryption techniques, through digital certificates to provide message privacy, message integrity and mutual authentication between clients and servers. To maintain data integrity the IBM Certificate distributed with the HMC's is to be replaced by a DoD-authorized Certificate. Note: This check applies only to network-connected HMCs.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility>System Administrator</Responsibility><Responsibility>Systems Programmer</Responsibility><IAControls>IATS-1, IATS-2</IAControls>

ID
SV-30031r3_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

The System Administrator must order a DoD PKI to replace the IBM Certificate and then  the System Administrator must use the Hardware Management Console Certificate Management Task to install it.

Note: This only applies to networked HMCs.