STIGQter: STIG Summary: IBM Hardware Management Console (HMC) STIG Version: 1 Release: 5 Benchmark Date: 20 Jan 2015:

Unauthorized partitions must not exist on the system complex.

DISA Rule

SV-30052r2_rule

Vulnerability Number

V-24378

Group Title

HLP0010

Rule Version

HLP0010

Severity

CAT II

CCI(s)

• CCI-002101 - The organization authorizes internal connections of organization-defined information system components or classes of components to the information system.

Weight

10

Fix Recommendation

Review the LPARs on the system and remove any unauthorized LPARs. If a deviation exists, the system administrator will provide written justification for the deviation.

This will be displayed by using the Change LPAR Control Panel.

Check Contents

Using the Hardware Management Console, do the following:

Access the Change LPAR Control Panel. (This will list the LPARs.)

Compare the partition names listed on the Partition Page to the names entered on the Central Processor Complex Domain/LPAR Names table.
Note: Each site should maintain a list of valid LPARS that are configured on thier system , what operating system, and the purpose of each LPAR.
If unauthorized partitions exist on the system complex and the deviation is not documented, this is a FINDING.

Vulnerability Number

V-24378

Documentable

False

Rule Version

HLP0010

Severity Override Guidance

Using the Hardware Management Console, do the following:

Access the Change LPAR Control Panel. (This will list the LPARs.)

Compare the partition names listed on the Partition Page to the names entered on the Central Processor Complex Domain/LPAR Names table.
Note: Each site should maintain a list of valid LPARS that are configured on thier system , what operating system, and the purpose of each LPAR.
If unauthorized partitions exist on the system complex and the deviation is not documented, this is a FINDING.

Check Content Reference

M

Responsibility

Systems Programmer

Target Key

1891

Comments