STIGQter: STIG Summary: IBM z/VM Using CA VM:Secure Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 27 Apr 2018

The IBM z/VM TCP/IP VMSSL command operands must be configured properly.

DISA Rule

SV-93593r1_rule

Vulnerability Number

V-78887

Group Title

SRG-OS-000120-GPOS-00061

Rule Version

IBMZ-VM-000660

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure the SSL DTCPARMS file with a :PARMS tag that includes the “VMSSL” command.

Configure the “VMSSL” command for FIPS 140-2 mode, either by including the FIPS operand or by setting the “MODE” operand to FIPS-140-2.

Include the PROTOcol operands for TLSV1_2.

Check Contents

Determine and examine the “DTCPARMS” file for each SSL server pool.

If the "VMSSL" command is not included in a :PARMS tag, this is a finding.

If the “VMSSL” command is not configured as follows, this is a finding.

FIPS (Operand FIPS is equivalent to setting MODE FIPS-140-2.)

MODE FIPS-140-2 (Operand MODE FIPS-140-2 is equivalent to setting operand FIPS.)

PROTOcol TLSV1_2
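
The check above can be scripted over an exported copy of each SSL server pool's DTCPARMS entries. The following is an added example, not part of the STIG or of any IBM tooling. It assumes entries begin with a `:nick.` tag and use `:tag.value` pairs, treats the capitals in PROTOcol as the minimum abbreviation, and runs against a constructed sample with hypothetical pool names.

```python
import re

# Assumption: a DTCPARMS entry starts with ":nick.<name>" and holds ":tag.value" pairs.
ENTRY = re.compile(r"^\s*:nick\.(\S+)(.*?)(?=^\s*:nick\.|\Z)", re.I | re.M | re.S)
PARMS = re.compile(r":parms\.(.*?)(?=\s:\w+\.|\Z)", re.I | re.S)

# Constructed sample; pool names are hypothetical.
SAMPLE = """\
:nick.SSLPOOLA :type.server
  :parms.VMSSL MODE FIPS-140-2 PROTOCOL TLSV1_2
:nick.SSLPOOLB :type.server
  :parms.VMSSL PROTO TLSV1_1
:nick.SSLPOOLC :type.server
"""

def vmssl_findings(parms):
    """Return the findings for one :PARMS value, following the check text."""
    tokens = parms.upper().split()
    if "VMSSL" not in tokens:
        return ["VMSSL command not included in :PARMS tag"]
    ops = tokens[tokens.index("VMSSL") + 1:]
    findings = []
    fips = "FIPS" in ops or any(
        a == "MODE" and b == "FIPS-140-2" for a, b in zip(ops, ops[1:]))
    if not fips:
        findings.append("neither FIPS nor MODE FIPS-140-2 is set")
    protocols = []
    for i, tok in enumerate(ops):
        # Accept PROTO .. PROTOCOL (abbreviation rule is an assumption).
        if len(tok) >= 5 and "PROTOCOL".startswith(tok):
            for value in ops[i + 1:]:
                if not re.match(r"(TLS|SSL)V\d", value):
                    break
                protocols.append(value)
    if "TLSV1_2" not in protocols:
        findings.append("PROTOcol TLSV1_2 is not set")
    return findings

def check_dtcparms(text):
    """Map each entry nickname to its findings (empty list means compliant)."""
    report = {}
    for nick, body in ENTRY.findall(text):
        parms = PARMS.search(body)
        report[nick] = vmssl_findings(parms.group(1) if parms else "")
    return report

if __name__ == "__main__":
    for nick, findings in check_dtcparms(SAMPLE).items():
        print(nick, "OK" if not findings else findings)
```

The script checks every entry in the text it is given, so supply only the entries that define SSL server pools.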

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3211
