III - Administrative Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000324-GPOS-00125
<GroupDescription></GroupDescription>Group -
Sign-on to the ESCD Application Console must be restricted to only authorized personnel.
<VulnDiscussion>The ESCD Application Console is used to add, change, and delete port configurations and to dynamically switch paths between d...Rule Medium Severity -
SRG-OS-000062-GPOS-00031
<GroupDescription></GroupDescription>Group -
The ESCON Director Application Console Event log must be enabled.
<VulnDiscussion>The ESCON Director Console Event Log is used to record all ESCON Director Changes. Failure to create an ESCON Director Applic...Rule High Severity -
SRG-OS-000324-GPOS-00125
<GroupDescription></GroupDescription>Group -
The Distributed Console Access Facility (DCAF) Console must be restricted to only authorized personnel.
<VulnDiscussion>The DCAF Console enables an operator to access the ESCON Director Application remotely. Access to a DCAF Console by unauthori...Rule Medium Severity -
SRG-OS-000104-GPOS-00051
<GroupDescription></GroupDescription>Group -
DCAF Console access must require a password to be entered by each user.
<VulnDiscussion>The DCAF Console enables an operator to access the ESCON Director Application remotely. Access to a DCAF Console by unauthori...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
Unauthorized partitions must not exist on the system complex.
<VulnDiscussion>The running of unauthorized Logical Partitions (LPARs) could allow a “Trojan horse” version of the operating environment to b...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
<GroupDescription></GroupDescription>Group -
On Classified Systems, Logical Partition must be restricted with read/write access to only its own IOCDS.
<VulnDiscussion>Unrestricted control over the IOCDS files could result in unauthorized updates and impact the configuration of the environmen...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
<GroupDescription></GroupDescription>Group -
Processor Resource/Systems Manager (PR/SM) must not allow unrestricted issuing of control program commands.
<VulnDiscussion>Unrestricted control over the issuing of system commands by a Logical Partition could result in unauthorized data access and ...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
<GroupDescription></GroupDescription>Group -
Classified Logical Partition (LPAR) channel paths must be restricted.
<VulnDiscussion>Restricted LPAR channel paths are necessary to ensure data integrity. Unrestricted LPAR channel path access could result in a...Rule High Severity -
SRG-OS-000080-GPOS-00048
<GroupDescription></GroupDescription>Group -
On Classified Systems the Processor Resource/Systems Manager (PR/SM) must not allow access to system complex data.
<VulnDiscussion>Allowing unrestricted access to all Logical Partition data could result in the possibility of unauthorized access and updatin...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
<GroupDescription></GroupDescription>Group -
Central processors must be restricted for classified/restricted Logical Partitions (LPARs).
<VulnDiscussion>Allowing unrestricted access to classified processors for all LPARs could cause the corruption and loss of classified data se...Rule High Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.