II - Mission Support Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000324-GPOS-00125
Group -
Sign-on to the ESCD Application Console must be restricted to only authorized personnel.
The ESCD Application Console is used to add, change, and delete port configurations and to dynamically switch paths between devices. Access to the ESCD Application Console is restricted to three cl...Rule Medium Severity -
SRG-OS-000062-GPOS-00031
Group -
The ESCON Director Application Console Event log must be enabled.
The ESCON Director Console Event Log is used to record all ESCON Director Changes. Failure to create an ESCON Director Application Console Event log results in the lack of monitoring and accountabi...Rule High Severity -
SRG-OS-000324-GPOS-00125
Group -
The Distributed Console Access Facility (DCAF) Console must be restricted to only authorized personnel.
The DCAF Console enables an operator to access the ESCON Director Application remotely. Access to a DCAF Console by unauthorized personnel could result in varying of ESCON Directors online or offli...Rule Medium Severity -
SRG-OS-000104-GPOS-00051
Group -
DCAF Console access must require a password to be entered by each user.
The DCAF Console enables an operator to access the ESCON Director Application remotely. Access to a DCAF Console by unauthorized personnel could result in varying of ESCON Directors online or offli...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
Unauthorized partitions must not exist on the system complex.
The running of unauthorized Logical Partitions (LPARs) could allow a “Trojan horse” version of the operating environment to be introduced into the system complex. This could impact the integrity of...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
On Classified Systems, Logical Partition must be restricted with read/write access to only its own IOCDS.
Unrestricted control over the IOCDS files could result in unauthorized updates and impact the configuration of the environment by allowing unauthorized access to a restricted resource. This could s...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
Processor Resource/Systems Manager (PR/SM) must not allow unrestricted issuing of control program commands.
Unrestricted control over the issuing of system commands by a Logical Partition could result in unauthorized data access and inadvertent updates. This could result in severe damage to system resour...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
Classified Logical Partition (LPAR) channel paths must be restricted.
Restricted LPAR channel paths are necessary to ensure data integrity. Unrestricted LPAR channel path access could result in a compromise of data integrity. When a classified LPAR exists on a mainfr...Rule High Severity -
SRG-OS-000080-GPOS-00048
Group -
On Classified Systems the Processor Resource/Systems Manager (PR/SM) must not allow access to system complex data.
Allowing unrestricted access to all Logical Partition data could result in the possibility of unauthorized access and updating of data. This could also impact the integrity of the processing enviro...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
Central processors must be restricted for classified/restricted Logical Partitions (LPARs).
Allowing unrestricted access to classified processors for all LPARs could cause the corruption and loss of classified data sets, which could compromise classified processing.Rule High Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.