STIGQter: STIG Summary: IBM Hardware Management Console (HMC) STIG Version: 1 Release: 5 Benchmark Date: 20 Jan 2015:

The manufacturer’s default passwords must be changed for all Hardware Management Console (HMC) Management software.

DISA Rule

SV-30021r2_rule

Vulnerability Number

V-24353

Group Title

HMC0080

Rule Version

HMC0080

Severity

CAT I

CCI(s)

• CCI-001989 - The organization manages information system authenticators by changing default content of authenticators prior to information system installation.

Weight

10

Fix Recommendation

The System Administrator must logon to the HMC and validate that all Default Passwords have been changed.

User ID Default Password
OPERATOR PASSWORD
ADVANCED PASSWORD
SYSPROG PASSWORD
ACSADMIN PASSWORD

Default user IDs and passwords are established as part of a base HMC. The System Administrator must assign new user IDs and passwords for each user and remove the default user IDs as soon as the HMC is installed by using the User Profiles task or the Manage Users Wizard.

Go to task Modify User, select user, select Modify and enter and confirm new password.

Check Contents

Have the System Administrator logon to the HMC and validate that all default passwords have been changed.

Go to task Modify User, select user, select Modify and enter and confirm new password.

User ID Default Password
• OPERATOR PASSWORD
• ADVANCED PASSWORD
• SYSPROG PASSWORD
• ACSADMIN PASSWORD

The System Administrator is to validate that each user has his/her own user ID and password and that sharing of user-IDs and passwords is not permitted.

Default user IDs and passwords are established as part of a base HMC. The System Administrator must assign new user IDs and passwords for each user and remove the default user IDs as soon as the HMC is installed by using the User Profiles task or the Manage Users Wizard.

If all the default passwords have not been changed, and each user is not assigned a separate user ID and password, then this is a FINDING

Vulnerability Number

V-24353

Documentable

False

Rule Version

HMC0080

Severity Override Guidance

Have the System Administrator logon to the HMC and validate that all default passwords have been changed.

Go to task Modify User, select user, select Modify and enter and confirm new password.

User ID Default Password
• OPERATOR PASSWORD
• ADVANCED PASSWORD
• SYSPROG PASSWORD
• ACSADMIN PASSWORD

The System Administrator is to validate that each user has his/her own user ID and password and that sharing of user-IDs and passwords is not permitted.

Default user IDs and passwords are established as part of a base HMC. The System Administrator must assign new user IDs and passwords for each user and remove the default user IDs as soon as the HMC is installed by using the User Profiles task or the Manage Users Wizard.

If all the default passwords have not been changed, and each user is not assigned a separate user ID and password, then this is a FINDING

Check Content Reference

M

Responsibility

Systems Programmer

Target Key

1891

Comments