STIGQter: STIG Summary: IBM z/VM Using CA VM:Secure Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 27 Apr 2018:

The IBM z/VM TCP/IP ANONYMOU statement must not be coded in FTP configuration.

DISA Rule

SV-93595r1_rule

Vulnerability Number

V-78889

Group Title

SRG-OS-000121-GPOS-00062

Rule Version

IBMZ-VM-000680

Severity

CAT II

CCI(s)

• CCI-000804 - The information system uniquely identifies and authenticates non-organizational users (or processes acting on behalf of non-organizational users).

Weight

10

Fix Recommendation

Ensure the “:ANONYMOUS” or “:ANONYMOU” statement is not coded in the “DTCPARMS” or “SRVRFTP” command.

Check Contents

If there is no FTP Server active, this is not applicable.

Examine the “DTCPARMS” file for each active FTP server.

If there is “:ANONYMOUS” or “:ANONYMOU” statement, this is a finding.

Examine the “SRVRFTP” command.

If “ANONYMOU” is coded, this is a finding.

Vulnerability Number

V-78889

Documentable

False

Rule Version

IBMZ-VM-000680

Severity Override Guidance

If there is no FTP Server active, this is not applicable.

Examine the “DTCPARMS” file for each active FTP server.

If there is “:ANONYMOUS” or “:ANONYMOU” statement, this is a finding.

Examine the “SRVRFTP” command.

If “ANONYMOU” is coded, this is a finding.

Check Content Reference

M

Target Key

3211

Comments