Skip to content

III - Administrative Sensitive

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000096-GPOS-00050

    <GroupDescription></GroupDescription>
    Group
  • All IBM z/VM TCP/IP Ports must be restricted to ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.

    &lt;VulnDiscussion&gt;In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e....
    Rule Medium Severity
  • SRG-OS-000118-GPOS-00060

    <GroupDescription></GroupDescription>
    Group
  • The IBM z/VM Security Manager must provide a procedure to disable userIDs after 35 days of inactivity.

    &lt;VulnDiscussion&gt;Inactive identifiers pose a risk to systems and applications because attackers may exploit an inactive identifier and potenti...
    Rule Medium Severity
  • SRG-OS-000120-GPOS-00061

    <GroupDescription></GroupDescription>
    Group
  • The IBM z/VM TCP/IP VMSSL command operands must be configured properly.

    &lt;VulnDiscussion&gt;VMSSL services are initiated using the VMSSL command defined in the DTCPARMS file. Unapproved mechanisms that are used for au...
    Rule High Severity
  • SRG-OS-000121-GPOS-00062

    <GroupDescription></GroupDescription>
    Group
  • The IBM z/VM TCP/IP ANONYMOU statement must not be coded in FTP configuration.

    &lt;VulnDiscussion&gt;Operating systems utilizing encryption are required to use FIPS-compliant mechanisms for authenticating to cryptographic modu...
    Rule Medium Severity
  • SRG-OS-000132-GPOS-00067

    <GroupDescription></GroupDescription>
    Group
  • CA VM:Secure product ADMIN GLOBALS command must be restricted to systems programming personnel.

    &lt;VulnDiscussion&gt;Operating system management functionality includes functions necessary for administration and requires privileged user access...
    Rule Medium Severity
  • SRG-OS-000134-GPOS-00068

    <GroupDescription></GroupDescription>
    Group
  • CA VM:Secure must have a security group for Security Administrators only.

    &lt;VulnDiscussion&gt;An isolation boundary provides access control and protects the integrity of the hardware, software, and firmware that perform...
    Rule Medium Severity
  • SRG-OS-000138-GPOS-00069

    <GroupDescription></GroupDescription>
    Group
  • The IBM z/VM SYSTEM CONFIG file must be configured to clear TDISK on IPL.

    &lt;VulnDiscussion&gt;Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of infor...
    Rule Medium Severity
  • SRG-OS-000142-GPOS-00071

    <GroupDescription></GroupDescription>
    Group
  • The IBM z/VM TCP/IP FOREIGNIPCONLIMIT statement must be properly configured.

    &lt;VulnDiscussion&gt;DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot ac...
    Rule Medium Severity
  • SRG-OS-000142-GPOS-00071

    <GroupDescription></GroupDescription>
    Group
  • The IBM z/VM TCP/IP PERSISTCONNECTIONLIMIT statement must be properly configured.

    &lt;VulnDiscussion&gt;DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot ac...
    Rule Medium Severity
  • SRG-OS-000142-GPOS-00071

    <GroupDescription></GroupDescription>
    Group
  • The IBM z/VM TCP/IP PENDINGCONNECTIONLIMIT statement must be properly configured.

    &lt;VulnDiscussion&gt;DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot ac...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules