STIGQter: STIG Summary: IBM z/VM Using CA VM:Secure Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 27 Apr 2018:

The IBM z/VM Privilege Classes C and E must be restricted to appropriate system administrators.

DISA Rule

SV-93661r1_rule

Vulnerability Number

V-78955

Group Title

SRG-OS-000324-GPOS-00125

Rule Version

IBMZ-VM-001190

Severity

CAT II

CCI(s)

• CCI-002235 - The information system prevents non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.

Weight

10

Fix Recommendation

Configure the CP Privilege Class.

Assign CP Privilege Classes, C and E, to system programmers and/or system analysts only.

Check Contents

Examine user directory definitions to determine privilege class.

If the CP privilege Class C is assigned to system programmers only, this is not a finding.

If the CP privilege Class E is assigned to system analyst only, this is not a finding.

Vulnerability Number

V-78955

Documentable

False

Rule Version

IBMZ-VM-001190

Severity Override Guidance

Examine user directory definitions to determine privilege class.

If the CP privilege Class C is assigned to system programmers only, this is not a finding.

If the CP privilege Class E is assigned to system analyst only, this is not a finding.

Check Content Reference

M

Target Key

3211

Comments