STIGQter: STIG Summary: IBM Hardware Management Console (HMC) STIG Version: 1 Release: 5 Benchmark Date: 20 Jan 2015: STIGQter: STIG Summary: IBM Hardware Management Console (HMC) STIG Version: 1 Release: 5 Benchmark Date: 20 Jan 2015:SV-30007r3_rule
V-24348
HMC0030
HMC0030
CAT II
10
When this feature is turned on for non-classified systems, the site must verify that the remote site information is valid.
The RSF, which is also commonly referred to as call home, is one of the key components that contributes to zero downtime on System z hardware.
The Hardware Management Console RSF provides communication to an IBM support network, known as RETAIN for hardware problem reporting and service.
When a Hardware Management Console enables RSF, the Hardware Management Console then becomes a call home server.
The types of communication that are provided are:
- Problem reporting and repair data.
- Fix delivery to the service processor and Hardware Management Console.
- Hardware inventory data.
- System updates that are required to activate Capacity on Demand changes.
The following call home security characteristics are in effect regardless of the connectivity method that is chosen:
RSF requests are always initiated from the Hardware Management Console to IBM. An inbound connection is never initiated from the IBM Service Support System.
All data that is transferred between the Hardware Management Console and the IBM Service Support System is encrypted in a high-grade Secure Sockets Layer (SSL) encryption.
When initializing the SSL-encrypted connection, the Hardware Management Console validates the trusted host by its digital signature issued for the IBM Service Support system. Data sent to the IBM Service Support System consists solely of hardware problems and configuration data. No application or customer data is transmitted to IBM.
Whenever dial-out hardware is present, have the System Administrator or Systems Programmer validate that dial-out access from the Hardware Management Console is enabled for any non-classified system.
Note: This is accomplished by going to Hardware Management Console and selecting Customize Remote Services. Then verify that Enable Remote Services is active.
If automatic dial-out access from the Hardware Management Console is enabled, have the Systems Administrator or Systems Programmer validate that remote phone number and remote service parameters values are valid authorized venders in the remote Service Panel of the Hardware Management Console.
If all the above values are not correct, this is a finding.
V-24348
False
HMC0030
Whenever dial-out hardware is present, have the System Administrator or Systems Programmer validate that dial-out access from the Hardware Management Console is enabled for any non-classified system.
Note: This is accomplished by going to Hardware Management Console and selecting Customize Remote Services. Then verify that Enable Remote Services is active.
If automatic dial-out access from the Hardware Management Console is enabled, have the Systems Administrator or Systems Programmer validate that remote phone number and remote service parameters values are valid authorized venders in the remote Service Panel of the Hardware Management Console.
If all the above values are not correct, this is a finding.
M
Systems Programmer
1891