STIGQter: STIG Summary: IBM z/VM Using CA VM:Secure Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 27 Apr 2018:

All IBM z/VM TCP/IP Ports must be restricted to ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.

DISA Rule

SV-93589r1_rule

Vulnerability Number

V-78883

Group Title

SRG-OS-000096-GPOS-00050

Rule Version

IBMZ-VM-000630

Severity

CAT II

CCI(s)

• CCI-000382 - The organization configures the information system to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services.

Weight

10

Fix Recommendation

Configure the application server definition in TCP/IP configuration file to disable any ports or protocols that are prohibited by the PPSM CAL and vulnerability assessments.

Check Contents

For each TCP/IP server defined examine the TCP/IP Configuration Port Statements.

Consult DISA Ports, Protocols, and Services Management (PPSM) Category Assurance Levels (CAL).

Verify that the ports and protocols being used are not prohibited and are necessary for the operation of the application server and the hosted applications.

If any of the ports or protocols is prohibited or not necessary for the application server operation, this is a finding.

Vulnerability Number

V-78883

Documentable

False

Rule Version

IBMZ-VM-000630

Severity Override Guidance

For each TCP/IP server defined examine the TCP/IP Configuration Port Statements.

Consult DISA Ports, Protocols, and Services Management (PPSM) Category Assurance Levels (CAL).

Verify that the ports and protocols being used are not prohibited and are necessary for the operation of the application server and the hosted applications.

If any of the ports or protocols is prohibited or not necessary for the application server operation, this is a finding.

Check Content Reference

M

Target Key

3211

Comments