III - Administrative Classified
Rules and Groups employed by this XCCDF Profile
-
HLP0010
<GroupDescription></GroupDescription>Group -
Unauthorized partitions must not exist on the system complex.
<VulnDiscussion>The running of unauthorized Logical Partitions (LPARs) could allow a “Trojan horse” version of the operating environment to b...Rule Medium Severity -
HLP0020
<GroupDescription></GroupDescription>Group -
On Classified Systems, Logical Partition must be restricted with read/write access to only its own IOCDS.
<VulnDiscussion>Unrestricted control over the IOCDS files could result in unauthorized updates and impact the configuration of the environmen...Rule Medium Severity -
HLP0030
<GroupDescription></GroupDescription>Group -
Processor Resource/Systems Manager (PR/SM) must not allow unrestricted issuing of control program commands.
<VulnDiscussion>Unrestricted control over the issuing of system commands by a Logical Partition could result in unauthorized data access and ...Rule Medium Severity -
HLP0040
<GroupDescription></GroupDescription>Group -
Classified Logical Partition (LPAR) channel paths must be restricted.
<VulnDiscussion>Restricted LPAR channel paths are necessary to ensure data integrity. Unrestricted LPAR channel path access could result in a...Rule High Severity -
HLP0050
<GroupDescription></GroupDescription>Group -
On Classified Systems the Processor Resource/Systems Manager (PR/SM) must not allow access to system complex data.
<VulnDiscussion>Allowing unrestricted access to all Logical Partition data could result in the possibility of unauthorized access and updatin...Rule Medium Severity -
HLP0060
<GroupDescription></GroupDescription>Group -
Central processors must be restricted for classified/restricted Logical Partitions (LPARs).
<VulnDiscussion>Allowing unrestricted access to classified processors for all LPARs could cause the corruption and loss of classified data se...Rule High Severity -
HMC0035
<GroupDescription></GroupDescription>Group -
Dial-out access from the Hardware Management Console Remote Support Facility (RSF) must be disabled for all classified systems.
<VulnDiscussion>This feature will not be activated for any classified systems. Allowing dial-out access from the Hardware Management Console ...Rule High Severity -
HLESC085
<GroupDescription></GroupDescription>Group -
DCAF Console access must require a password to be entered by each user.
<VulnDiscussion>The DCAF Console enables an operator to access the ESCON Director Application remotely. Access to a DCAF Console by unauthori...Rule Medium Severity -
HMC0045
<GroupDescription></GroupDescription>Group -
Access to the Hardware Management Console (HMC) must be restricted by assigning users proper roles and responsibilities.
<VulnDiscussion>Access to the HMC if not properly controlled and restricted by assigning users proper roles and responsibilities, could allow...Rule Medium Severity -
HMC0185
<GroupDescription></GroupDescription>Group -
Audit records content must contain valid information to allow for proper incident reporting.
<VulnDiscussion>The content of audit data must validate that the information contains: User IDs Successful and unsuccessful attempts to acc...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.