STIGQter: STIG Summary: IBM Hardware Management Console (HMC) STIG Version: 1 Release: 5 Benchmark Date: 20 Jan 2015:

Individual user accounts with passwords must be maintained for the Hardware Management Console operating system and application.

DISA Rule

SV-30023r2_rule

Vulnerability Number

V-24355

Group Title

HMC0100

Rule Version

HMC0100

Severity

CAT II

CCI(s)

• CCI-000760 - The organization develops procedures to facilitate the implementation of the identification and authentication policy and associated identification and authentication controls.

Weight

10

Fix Recommendation

Have the System Administrator verify that all users of the Hardware Management Console are individually defined with USER IDs and passwords and that their roles and responsibilities are documented. Verify that a DD2875 exists for each USER ID.

Check Contents

Have the System Administrator prove that individual USER IDs are specified for each user and DD2875 are on file for each user.

If USERIDs are shared among multiple users and crresponding DD2875 forms do not exist for each user, then this is a FINDING.

Vulnerability Number

V-24355

Documentable

False

Rule Version

HMC0100

Severity Override Guidance

Have the System Administrator prove that individual USER IDs are specified for each user and DD2875 are on file for each user.

If USERIDs are shared among multiple users and crresponding DD2875 forms do not exist for each user, then this is a FINDING.

Check Content Reference

M

Responsibility

Systems Programmer

Target Key

1891

Comments