STIGQter: STIG Summary: IBM z/VM Using CA VM:Secure Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 27 Apr 2018:

CA VM:Secure product Password Encryption (PEF) option must be properly configured to store and transmit cryptographically-protected passwords.

DISA Rule

SV-93575r1_rule

Vulnerability Number

V-78869

Group Title

SRG-OS-000073-GPOS-00041

Rule Version

IBMZ-VM-000480

Severity

CAT I

CCI(s)

• CCI-000196 - The information system, for password-based authentication, stores only cryptographically-protected passwords.
• CCI-000197 - The information system, for password-based authentication, transmits only cryptographically-protected passwords.

Weight

10

Fix Recommendation

Configure the “VMXRPI” Config file to include the following records:

ENCRYPT DES3
DES3KEY word1 word2 word3 word4 word5 word6 or
DES3KEY EXIT filename EXEC|TEXT

Check Contents

Examine the “VMXRPI” Config file used for building the current nucleus.

If the “ENCRYP” record is missing, this is a finding.

If the “ENCRYPT” record does not specify “DES3”, this is a finding.

If the DES3KEY Record is missing, this is a finding.

Vulnerability Number

V-78869

Documentable

False

Rule Version

IBMZ-VM-000480

Severity Override Guidance

Examine the “VMXRPI” Config file used for building the current nucleus.

If the “ENCRYP” record is missing, this is a finding.

If the “ENCRYPT” record does not specify “DES3”, this is a finding.

If the DES3KEY Record is missing, this is a finding.

Check Content Reference

M

Target Key

3211

Comments