II - Mission Support Public
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000001-GPOS-00001
<GroupDescription></GroupDescription>Group -
The IBM z/VM TCP/IP DTCPARMS files must be properly configured to connect to an external security manager.
<VulnDiscussion>A comprehensive account management process such as provided by External Security Managers (ESM) which includes automation hel...Rule High Severity -
SRG-OS-000004-GPOS-00004
<GroupDescription></GroupDescription>Group -
CA VM:Secure product must be installed and operating.
<VulnDiscussion>A comprehensive account management process such as provided by an External Security Manager (ESM) which includes automation h...Rule Medium Severity -
SRG-OS-000021-GPOS-00005
<GroupDescription></GroupDescription>Group -
The IBM z/VM JOURNALING LOGON parameter must be set for lockout after 3 attempts for 15 minutes.
<VulnDiscussion>By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise...Rule Medium Severity -
SRG-OS-000021-GPOS-00005
<GroupDescription></GroupDescription>Group -
The CA VM:Secure JOURNAL Facility parameters must be set for lockout after 3 attempts.
<VulnDiscussion>By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise...Rule Medium Severity -
SRG-OS-000023-GPOS-00006
<GroupDescription></GroupDescription>Group -
The IBM z/VM LOGO Configuration file must be configured to display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system.
<VulnDiscussion>Display of a standardized and approved use notification before granting access to the operating system ensures privacy and se...Rule Medium Severity -
SRG-OS-000023-GPOS-00006
<GroupDescription></GroupDescription>Group -
The IBM z/VM TCP/IP FTP Server must be configured to display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system and until users acknowledge the usage conditions and take explicit actions to log on for further access.
<VulnDiscussion>The banner must be acknowledged by the user prior to allowing the user access to the operating system. This provides assuranc...Rule Medium Severity -
SRG-OS-000024-GPOS-00007
<GroupDescription></GroupDescription>Group -
The IBM z/VM LOGO configuration file must be configured to display the Standard Mandatory DoD Notice and Consent Banner until users acknowledge the usage conditions and take explicit actions to log on for further access.
<VulnDiscussion>The banner must be acknowledged by the user prior to allowing the user access to the operating system. This provides assuranc...Rule Medium Severity -
SRG-OS-000032-GPOS-00013
<GroupDescription></GroupDescription>Group -
For FTP processing Z/VM TCP/IP FTP server Exit must be enabled.
<VulnDiscussion>Remote access services, such as those providing remote access to network devices and information systems, which lack automate...Rule Medium Severity -
SRG-OS-000033-GPOS-00014
<GroupDescription></GroupDescription>Group -
The IBM z/VM TCP/IP configuration must include an SSLSERVERID statement.
<VulnDiscussion>The Secure Socket Layer (SSL) server, provides processing support for secure (encrypted) communication between remote clients...Rule Medium Severity -
SRG-OS-000057-GPOS-00027
<GroupDescription></GroupDescription>Group -
CA VM:Secure product AUDIT file must be restricted to authorized personnel.
<VulnDiscussion>Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confide...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.