STIGQter STIGQter: STIG Summary: IBM Hardware Management Console (HMC) STIG Version: 1 Release: 5 Benchmark Date: 20 Jan 2015:

Access to the Hardware Management Console must be restricted to only authorized personnel.

DISA Rule

SV-30008r2_rule

Vulnerability Number

V-24349

Group Title

HMC0040

Rule Version

HMC0040

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The System Administrator will see that sign-on access to the Hardware Management Console is restricted to authorized personnel and that a DD2875 is on file for each user ID.

Note: Sites must have a list of valid HMC users, indicating their USER IDs, Date of DD2875, and roles and responsibilities.

The System Administrator must see that the list and users defined to the Hardware Management Console match.

Check Contents

Verify that sign-on access to the Hardware Management Console is restricted to authorize personnel and that a DD2875 is on file for each user ID.

Note: Sites must have a list of valid HMC users, indicating their USER IDs, Date of DD2875, and roles and responsibilities

To display user roles chose User Profiles and then select the user for modification. View Task Roles and Manager Resources Roles.

If each user displayed by the System Administrator does not have a DD2875, then this is a FINDING.

Vulnerability Number

V-24349

Documentable

False

Rule Version

HMC0040

Severity Override Guidance

Verify that sign-on access to the Hardware Management Console is restricted to authorize personnel and that a DD2875 is on file for each user ID.

Note: Sites must have a list of valid HMC users, indicating their USER IDs, Date of DD2875, and roles and responsibilities

To display user roles chose User Profiles and then select the user for modification. View Task Roles and Manager Resources Roles.

If each user displayed by the System Administrator does not have a DD2875, then this is a FINDING.

Check Content Reference

M

Responsibility

Security Manager

Target Key

1891

Comments