STIGQter: STIG Summary: IBM z/VM Using CA VM:Secure Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 27 Apr 2018:

The IBM z/VM TCP/IP SECUREDATA option for FTP must be set to REQUIRED.

DISA Rule

SV-93643r1_rule

Vulnerability Number

V-78937

Group Title

SRG-OS-000425-GPOS-00189

Rule Version

IBMZ-VM-001040

Severity

CAT II

CCI(s)

• CCI-002420 - The information system maintains the confidentiality and/or integrity of information during preparation for transmission.
• CCI-002422 - The information system maintains the confidentiality and/or integrity of information during reception.

Weight

10

Fix Recommendation

Configure the “SECUREDATA” statement in the FTP server configuration file to specify “REQUIRED”.

Note: Care should be taken before implementing this requirement in a production environment. Develop a documented plan of action that has a definite completion date. File the plan with the ISSM.

Check Contents

Examine the FTP Server configuration file.

If there is no “SECUREDATA” statement, this is a finding.

If the “SECUREDATA” statement specifies “REQUIRED”, this is not a finding.

Note: If there is no "SECUREDATA" or the "SECUREDATA" specifies "ALLOWED" but there is a documented implementation plan with a definite completion date for setting "SECUREDATA" to "REQUIRED" on file with the ISSM, this can be downgraded to a CAT III.

Vulnerability Number

V-78937

Documentable

False

Rule Version

IBMZ-VM-001040

Severity Override Guidance

Examine the FTP Server configuration file.

If there is no “SECUREDATA” statement, this is a finding.

If the “SECUREDATA” statement specifies “REQUIRED”, this is not a finding.

Note: If there is no "SECUREDATA" or the "SECUREDATA" specifies "ALLOWED" but there is a documented implementation plan with a definite completion date for setting "SECUREDATA" to "REQUIRED" on file with the ISSM, this can be downgraded to a CAT III.

Check Content Reference

M

Target Key

3211

Comments