STIGQter: STIG Summary: IBM z/VM Using CA VM:Secure Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 27 Apr 2018:

IBM z/VM must be protected by an external firewall that has a deny-all, allow-by-exception policy.

DISA Rule

SV-93685r1_rule

Vulnerability Number

V-78979

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

IBMZ-VM-002360

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Ensure that the network has a firewall installed that provides a deny-all, allow-by-exception protection for the IBM z/VM system.

Check Contents

Ask the system administrator for a network system plan.

If there is no firewall defined for the IBM z/VM system, this is a finding.

If the firewall does not have a deny-all, allow-by-exception policy, this is a finding.

Vulnerability Number

V-78979

Documentable

False

Rule Version

IBMZ-VM-002360

Severity Override Guidance

Ask the system administrator for a network system plan.

If there is no firewall defined for the IBM z/VM system, this is a finding.

If the firewall does not have a deny-all, allow-by-exception policy, this is a finding.

Check Content Reference

M

Target Key

3211

Comments