CA VM:Secure product NORULE record in the SECURITY CONFIG file must be configured to REJECT.
DISA Rule
SV-93587r1_rule
Vulnerability Number
V-78881
Group Title
SRG-OS-000080-GPOS-00048
Rule Version
IBMZ-VM-000600
Severity
CAT II
CCI(s)
- CCI-000213 - The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
- CCI-000366 - The organization implements the security configuration settings.
- CCI-000764 - The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).
- CCI-000804 - The information system uniquely identifies and authenticates non-organizational users (or processes acting on behalf of non-organizational users).
- CCI-001774 - The organization employs a deny-all, permit-by-exception policy to allow the execution of authorized software programs on the information system.
Weight
10
Fix Recommendation
Configure the “SECURITY CONFIG” file to include a “NORULE” record that is set to “REJECT”.
Check Contents
Examine the “SECURITY CONFIG” file.
If a “NORULE” record exists and is set to “REJECT”, this is not a finding.
Vulnerability Number
V-78881
Documentable
False
Rule Version
IBMZ-VM-000600
Severity Override Guidance
Examine the “SECURITY CONFIG” file.
If a “NORULE” record exists and is set to “REJECT”, this is not a finding.
Check Content Reference
M
Target Key
3211
Comments
STIGQter: STIG Summary: IBM z/VM Using CA VM:Secure Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 27 Apr 2018: