The IBM z/VM TCP/IP must be configured to display the mandatory DoD Notice and Consent banner before granting access to the system.
DISA Rule
SV-93611r1_rule
Vulnerability Number
V-78905
Group Title
SRG-OS-000228-GPOS-00088
Rule Version
IBMZ-VM-000760
Severity
CAT II
CCI(s)
- CCI-001384 - The information system, for publicly accessible systems, displays system use information organization-defined conditions before granting further access.
- CCI-001385 - The information system, for publicly accessible systems, displays references, if any, to monitoring that are consistent with privacy accommodations for such systems that generally prohibit those activities.
- CCI-001386 - The information system, for publicly accessible systems, displays references, if any, to recording that are consistent with privacy accommodations for such systems that generally prohibit those activities.
- CCI-001387 - The information system, for publicly accessible systems, displays references, if any, to auditing that are consistent with privacy accommodations for such systems that generally prohibit those activities.
- CCI-001388 - The information system, for publicly accessible systems, includes a description of the authorized uses of the system.
Weight
10
Fix Recommendation
Configure the TELNET connection exit to display a Notice and Consent banner message before access is granted to TELNET.
Check Contents
Check the TELNET connection exit.
If there is no TELNET connection exit, this is a finding.
If the TELNET connection exit does not send a Notice and Consent message before access is granted, this is a finding.
Vulnerability Number
V-78905
Documentable
False
Rule Version
IBMZ-VM-000760
Severity Override Guidance
Check the TELNET connection exit.
If there is no TELNET connection exit, this is a finding.
If the TELNET connection exit does not send a Notice and Consent message before access is granted, this is a finding.
Check Content Reference
M
Target Key
3211
Comments
STIGQter: STIG Summary: IBM z/VM Using CA VM:Secure Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 27 Apr 2018: