STIGQter: STIG Summary: IBM z/VM Using CA VM:Secure Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 27 Apr 2018:

The IBM z/VM TCP/IP DTCPARMS files must be properly configured to connect to an external security manager.

DISA Rule

SV-93549r1_rule

Vulnerability Number

V-78843

Group Title

SRG-OS-000001-GPOS-00001

Rule Version

IBMZ-VM-000020

Severity

CAT I

CCI(s)

• CCI-000015 - The organization employs automated mechanisms to support the information system account management functions.

Weight

10

Fix Recommendation

For each of the following installed severs:

FTP (FTPSERVE)
IMAP (IMAP)
NFS (VMNFS)
REXEC (REXECD)

Configure the DTCPARMS file in the TCP/IP configuration to include the following statements:

:ESM_Enable.YES
:ESM_Racroute.YES (or a valid exit name)
:ESM_Validate.YES (or a valid exit name)

Check Contents

Determine location of “DTCPARMS” File for each of the following installed servers:
FTP (FTPSERVE)
IMAP (IMAP)
NFS (VMNFS)
REXEC (REXECD)

If each “DTCPARMS” file includes the following statements, this is not a finding.

:ESM_Enable.YES
:ESM_Racroute.YES (or a valid exit name)
:ESM_Validate.YES (or a valid exit name)

Vulnerability Number

V-78843

Documentable

False

Rule Version

IBMZ-VM-000020

Severity Override Guidance

Determine location of “DTCPARMS” File for each of the following installed servers:
FTP (FTPSERVE)
IMAP (IMAP)
NFS (VMNFS)
REXEC (REXECD)

If each “DTCPARMS” file includes the following statements, this is not a finding.

:ESM_Enable.YES
:ESM_Racroute.YES (or a valid exit name)
:ESM_Validate.YES (or a valid exit name)

Check Content Reference

M

Target Key

3211

Comments