AIX must protect the confidentiality and integrity of all information at rest.

An XCCDF Rule

Description

<VulnDiscussion>Information at rest refers to the state of information when it is located on a secondary storage device (e.g., disk drive and tape drive, when used for backups) within an operating system. This requirement addresses protection of user-generated data, as well as operating system-specific configuration data. Organizations may choose to employ different mechanisms to achieve confidentiality and integrity protections, as appropriate, in accordance with the security category and/or classification of the information.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-215207r508663_rule
Severity: Medium
References: CCI-001199
Updated: 8 months ago

Install "clic.rte" fileset if it is not installed using command:
# installp -aXYqg -d /dev/cd0 clic.rte

Run the follow command to initialize and enable EFS on the system:
# efsenable -a
To create a new EFS-enabled JFS2 file system and mount the file system, using the following commands:
# crfs -v jfs2 -g rootvg -m /fs2 -a size=100M -a efs=yes
# mount /fs2

To enable EFS on a JFS2 file system (like, /fs3), run the following command:
chfs -a efs=yes /fs3

AIX must protect the confidentiality and integrity of all information at rest.

Description

Remediation - Manual Procedure