STIGQter: STIG Summary: IBM z/VM Using CA VM:Secure Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 27 Apr 2018:

IBM z/VM tapes must use Tape Encryption.

DISA Rule

SV-93609r1_rule

Vulnerability Number

V-78903

Group Title

SRG-OS-000185-GPOS-00079

Rule Version

IBMZ-VM-000750

Severity

CAT II

CCI(s)

• CCI-001199 - The information system protects the confidentiality and/or integrity of organization-defined information at rest.

Weight

10

Fix Recommendation

Consult CP Administration manual for procedures to set up IBM Device Encryption.

For any other drive type consult manufacturer for encryption procedures.

Check Contents

Verify Tape Encryption is in use.

For IBM drives issue the following command:

Class B:
QUERY TAPES DETAIL

or

Class G:
QUERY VIRTUAL TAPES

If resulting text includes “ACTIVE KEY LABELS”, this is not a finding.

Regardless of the drive type if there is no encryption available, this is a finding.

Vulnerability Number

V-78903

Documentable

False

Rule Version

IBMZ-VM-000750

Severity Override Guidance

Verify Tape Encryption is in use.

For IBM drives issue the following command:

Class B:
QUERY TAPES DETAIL

or

Class G:
QUERY VIRTUAL TAPES

If resulting text includes “ACTIVE KEY LABELS”, this is not a finding.

Regardless of the drive type if there is no encryption available, this is a finding.

Check Content Reference

M

Target Key

3211

Comments