STIGQter: STIG Summary: IBM Hardware Management Console (HMC) STIG Version: 1 Release: 5 Benchmark Date: 20 Jan 2015:

DCAF Console access must require a password to be entered by each user.

DISA Rule

SV-31292r3_rule

Vulnerability Number

V-25247

Group Title

HLESC085

Rule Version

HLESC085

Severity

CAT II

CCI(s)

• CCI-000764 - The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).

Weight

10

Fix Recommendation

Have the System Administrator review access authorization to DCAF Consoles. Ensure that all personnel are required to enter a password.

Remote access to the LAN may be provided through DCAF via a LAN or modem connection.
DCAF passwords should be implemented to prevent unauthorized access.

Check Contents

If the ESCON Director Application is present, have the System Administrator attempt to sign on to the DCAF Console and validate that a password is required, otherwise, this check is not applicable.

If sign-on access to the DCAF Console does not require a password this is a finding.

Vulnerability Number

V-25247

Documentable

False

Rule Version

HLESC085

Severity Override Guidance

If the ESCON Director Application is present, have the System Administrator attempt to sign on to the DCAF Console and validate that a password is required, otherwise, this check is not applicable.

If sign-on access to the DCAF Console does not require a password this is a finding.

Check Content Reference

M

Responsibility

Systems Programmer

Target Key

1891

Comments