II - Mission Support Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000096-GPOS-00050
Group -
All IBM z/VM TCP/IP Ports must be restricted to ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.
In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable...Rule Medium Severity -
SRG-OS-000118-GPOS-00060
Group -
The IBM z/VM Security Manager must provide a procedure to disable userIDs after 35 days of inactivity.
Inactive identifiers pose a risk to systems and applications because attackers may exploit an inactive identifier and potentially obtain undetected access to the system. Owners of inactive accounts...Rule Medium Severity -
SRG-OS-000120-GPOS-00061
Group -
The IBM z/VM TCP/IP VMSSL command operands must be configured properly.
VMSSL services are initiated using the VMSSL command defined in the DTCPARMS file. Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore ...Rule High Severity -
SRG-OS-000121-GPOS-00062
Group -
The IBM z/VM TCP/IP ANONYMOU statement must not be coded in FTP configuration.
Operating systems utilizing encryption are required to use FIPS-compliant mechanisms for authenticating to cryptographic modules.Rule Medium Severity -
SRG-OS-000132-GPOS-00067
Group -
CA VM:Secure product ADMIN GLOBALS command must be restricted to systems programming personnel.
Operating system management functionality includes functions necessary for administration and requires privileged user access. Allowing non-privileged users to access operating system management fu...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.