I - Mission Critical Public

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000096-GPOS-00050

    Group
  • All IBM z/VM TCP/IP Ports must be restricted to ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.

    In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable...
    Rule Medium Severity
  • SRG-OS-000118-GPOS-00060

    Group
  • The IBM z/VM Security Manager must provide a procedure to disable userIDs after 35 days of inactivity.

    Inactive identifiers pose a risk to systems and applications because attackers may exploit an inactive identifier and potentially obtain undetected access to the system. Owners of inactive accounts...
    Rule Medium Severity
  • SRG-OS-000120-GPOS-00061

    Group
  • The IBM z/VM TCP/IP VMSSL command operands must be configured properly.

    VMSSL services are initiated using the VMSSL command defined in the DTCPARMS file. Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore ...
    Rule High Severity
  • SRG-OS-000121-GPOS-00062

    Group
  • The IBM z/VM TCP/IP ANONYMOU statement must not be coded in FTP configuration.

    Operating systems utilizing encryption are required to use FIPS-compliant mechanisms for authenticating to cryptographic modules.
    Rule Medium Severity
  • SRG-OS-000132-GPOS-00067

    Group
  • CA VM:Secure product ADMIN GLOBALS command must be restricted to systems programming personnel.

    Operating system management functionality includes functions necessary for administration and requires privileged user access. Allowing non-privileged users to access operating system management fu...
    Rule Medium Severity
  • SRG-OS-000134-GPOS-00068

    Group
  • CA VM:Secure must have a security group for Security Administrators only.

    An isolation boundary provides access control and protects the integrity of the hardware, software, and firmware that perform security functions. Security functions are the hardware, software, and...
    Rule Medium Severity
  • SRG-OS-000138-GPOS-00069

    Group
  • The IBM z/VM SYSTEM CONFIG file must be configured to clear TDISK on IPL.

    Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of ...
    Rule Medium Severity
  • SRG-OS-000142-GPOS-00071

    Group
  • The IBM z/VM TCP/IP FOREIGNIPCONLIMIT statement must be properly configured.

    DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity. Managing exc...
    Rule Medium Severity
  • SRG-OS-000142-GPOS-00071

    Group
  • The IBM z/VM TCP/IP PERSISTCONNECTIONLIMIT statement must be properly configured.

    DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity. Managing exc...
    Rule Medium Severity
  • SRG-OS-000142-GPOS-00071

    Group
  • The IBM z/VM TCP/IP PENDINGCONNECTIONLIMIT statement must be properly configured.

    DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity. Managing exc...
    Rule Medium Severity
