III - Administrative Public
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000480-GPOS-00227
Group -
The Hardware Management Console must be located in a secure location.
The Hardware Management Console is used to perform Initial Program Load (IPLs) and control the Processor Resource/System Manager (PR/SM). If the Hardware Management Console is not located in a secu...Rule High Severity -
SRG-OS-000480-GPOS-00227
Group -
Dial-out access from the Hardware Management Console Remote Support Facility (RSF) must be restricted to an authorized vendor site.
Dial-out access from the Hardware Management Console could impact the integrity of the environment, by enabling the possible introduction of spyware or other malicious code. It is important to note...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
Dial-out access from the Hardware Management Console Remote Support Facility (RSF) must be disabled for all classified systems.
This feature will not be activated for any classified systems. Allowing dial-out access from the Hardware Management Console could impact the integrity of the environment by enabling the possible i...Rule High Severity -
SRG-OS-000324-GPOS-00125
Group -
Access to the Hardware Management Console must be restricted to only authorized personnel.
Access to the Hardware Management Console if not properly restricted to authorized personnel could lead to a bypass of security, access to the system, and an altering of the environment. This would...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
Access to the Hardware Management Console (HMC) must be restricted by assigning users proper roles and responsibilities.
Access to the HMC if not properly controlled and restricted by assigning users proper roles and responsibilities, could allow modification to areas outside the need-to-know and abilities of the ind...Rule Medium Severity -
SRG-OS-000324-GPOS-00125
Group -
Automatic Call Answering to the Hardware Management Console must be disabled.
Automatic Call Answering to the Hardware Management Console allows unrestricted access by unauthorized personnel and could lead to a bypass of security, access to the system, and an altering of the...Rule Medium Severity -
SRG-OS-000062-GPOS-00031
Group -
The Hardware Management Console Event log must be active.
The Hardware Management Console controls the operation and availability of the Central Processor Complex (CPC). Failure to create and maintain the Hardware Management Console Event log could result...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
The manufacturer’s default passwords must be changed for all Hardware Management Console (HMC) Management software.
The changing of passwords from the HMC default values, blocks malicious users with knowledge of these default passwords, from creating a denial of service or from reconfiguring the HMC topology le...Rule High Severity -
SRG-OS-000080-GPOS-00048
Group -
Predefined task roles to the Hardware Management Console (HMC) must be specified to limit capabilities of individual users.
Individual task roles with access to specific resources if not created and restricted, will allow unrestricted access to system functions. The following is an example of some managed resource categ...Rule Medium Severity -
SRG-OS-000104-GPOS-00051
Group -
Individual user accounts with passwords must be maintained for the Hardware Management Console operating system and application.
Without identification and authentication, unauthorized users could reconfigure the Hardware Management Console or disrupt its operation by logging in to the system or application and execute unau...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.