STIGQter: STIG Summary: IBM z/VM Using CA VM:Secure Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 27 Apr 2018:

The IBM z/VM DOMAINSEARCH statement in the TCPIP DATA file must be configured with proper domain names for name resolution.

DISA Rule

SV-93659r1_rule

Vulnerability Number

V-78953

Group Title

SRG-OS-000402-GPOS-00181

Rule Version

IBMZ-VM-001150

Severity

CAT II

CCI(s)

• CCI-002468 - The information system performs data origin verification authentication on the name/address resolution responses the system receives from authoritative sources.

Weight

10

Fix Recommendation

Configure any statement in the “TCPIP DATA” file used during host name resolution such as “DOMAINSEARCH” statement or the "DOMAINORIGIN" statement with a proper domain name.

Check Contents

Examine the “TCPIP DATA” file.

The domain specified for the “DOMAINORIGIN” statement is also used for host name resolution, as if it appeared in a “DOMAINSEARCH” statement.

If there is no "DOMAINORIGIN" or “DOMAINSEARCH” statement, this is a finding.

If the “DOMAINSEARCH” statement does not specify a proper domain, this is a finding.

If the “DOMAINORIGIN” statement does not specify a proper domain, this is a finding.

Vulnerability Number

V-78953

Documentable

False

Rule Version

IBMZ-VM-001150

Severity Override Guidance

Examine the “TCPIP DATA” file.

The domain specified for the “DOMAINORIGIN” statement is also used for host name resolution, as if it appeared in a “DOMAINSEARCH” statement.

If there is no "DOMAINORIGIN" or “DOMAINSEARCH” statement, this is a finding.

If the “DOMAINSEARCH” statement does not specify a proper domain, this is a finding.

If the “DOMAINORIGIN” statement does not specify a proper domain, this is a finding.

Check Content Reference

M

Target Key

3211

Comments