AIX must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.
DISA Rule
SV-215335r508663_rule
Vulnerability Number
V-215335
Group Title
SRG-OS-000368-GPOS-00154
Rule Version
AIX7-00-003025
Severity
CAT II
CCI(s)
- CCI-001764 - The information system prevents program execution in accordance with organization-defined policies regarding software program usage and restrictions, and/or rules authorizing the terms and conditions of software program usage.
- CCI-001774 - The organization employs a deny-all, permit-by-exception policy to allow the execution of authorized software programs on the information system.
Weight
10
Fix Recommendation
Run the following command to turn on Trusted Execution:
# trustchk -p TE=ON
Check Contents
Run the following command to show the current Trusted Execution ("TE") status on the system:
# trustchk -p
The above command should yield the following output:
TE=ON
If the output is "TE=OFF", this is a finding.
Documentable
False
Severity Override Guidance
Check Content Reference
M
Target Key
4012
Comments