II - Mission Support Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000480-GPOS-00227
Group -
IBM z/VM must employ a Session manager.
A session manager controls the semi-permanent interactive information interchange, also known as a dialogue, between a user and z/VM. Without the use of a session manager these semi-permanent inter...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
The IBM z/VM System administrator must develop a notification routine for account management.
Information system accounts are utilized for identifying individual users or for identifying the operating system processes themselves. In order to detect and respond to events affecting user acces...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
The IBM z/VM system administrator must develop routines and processes for the proper configuration and maintenance of Software.
Proper configuration management procedures for information systems provide for the proper configuration and maintenance in accordance with local policies restrictions and/or rules. Failure to prope...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
IBM z/VM must be protected by an external firewall that has a deny-all, allow-by-exception policy.
Firewalls protect computers from network attacks by blocking or limiting access to open network ports. Firewalls provide monitoring and control of communications at the external boundary of an info...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
The IBM z/VM System administrator must develop routines and processes for notification in the event of audit failure.
Audit processing failures include, for example, software/hardware errors, failures in the audit capturing mechanisms, and audit storage capacity being reached or exceeded. Without proper notificati...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
The IBM z/VM system administrator must develop procedures maintaining information system operation in the event of anomalies.
If anomalies are not acted upon, security functions may fail to secure the system.Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
IBM z/VM system administrator must develop procedures to manually control temporary, interactive, and emergency accounts.
Proper handling of temporary, inactive, and emergency accounts require automatic notification and action rather than at the convenience of the systems administrator. However in the absence of autom...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
IBM z/VM must have access to an audit reduction tool that allows for central data review and analysis.
Audit reduction is a process that manipulates collected audit information and organizes such information in a summary format that is more meaningful to analysts. Audit reduction and report generati...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
The IBM z/VM system administrator must develop and perform a procedure to validate the correct operation of security functions.
Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmwar...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
IBM z/VM must employ Clock synchronization software.
Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when condu...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.