| Checked | Name | Title |
|---|
| ☐ | SV-29986r3_rule | The Enterprise System Connection (ESCON) Director (ESCD) Application Console must be located in a secure location |
| ☐ | SV-29994r3_rule | Sign-on to the ESCD Application Console must be restricted to only authorized personnel. |
| ☐ | SV-29995r3_rule | The ESCON Director Application Console Event log must be enabled. |
| ☐ | SV-29998r3_rule | The Distributed Console Access Facility (DCAF) Console must be restricted to only authorized personnel. |
| ☐ | SV-29999r2_rule | The Hardware Management Console must be located in a secure location. |
| ☐ | SV-30007r3_rule | Dial-out access from the Hardware Management Console Remote Support Facility (RSF) must be restricted to an authorized vendor site. |
| ☐ | SV-30008r2_rule | Access to the Hardware Management Console must be restricted to only authorized personnel. |
| ☐ | SV-30013r3_rule | Automatic Call Answering to the Hardware Management Console must be disabled. |
| ☐ | SV-30015r2_rule | The Hardware Management Console Event log must be active. |
| ☐ | SV-30021r2_rule | The manufacturer’s default passwords must be changed for all Hardware Management Console (HMC) Management software. |
| ☐ | SV-30022r2_rule | Predefined task roles to the Hardware Management Console (HMC) must be specified to limit capabilities of individual users. |
| ☐ | SV-30023r2_rule | Individual user accounts with passwords must be maintained for the Hardware Management Console operating system and application. |
| ☐ | SV-30024r2_rule | The PASSWORD History Count value must be set to 10 or greater. |
| ☐ | SV-30026r2_rule | The PASSWORD expiration day(s) value must be set to equal or less then 60 days. |
| ☐ | SV-30027r2_rule | Maximum failed password attempts before disable delay must be set to 3 or less. |
| ☐ | SV-30028r2_rule | The password values must be set to meet the requirements in accordance with DoDI 8500.2 for DoD information systems processing sensitive information and above, and CJCSI 6510.01E (INFORMATION ASSURANCE (IA) AND COMPUTER NETWORK DEFENSE (CND)). |
| ☐ | SV-30029r2_rule | The terminal or workstation must lock out after a maximum of 15 minutes of inactivity, requiring the account password to resume. |
| ☐ | SV-30030r2_rule | The Department of Defense (DoD) logon banner must be displayed prior to any login attempt. |
| ☐ | SV-30031r3_rule | A private web server must subscribe to certificates, issued from any DoD-authorized Certificate Authority, as an access control mechanism for web users. |
| ☐ | SV-30032r4_rule | Hardware Management Console audit record content data must be backed up. |
| ☐ | SV-30043r2_rule | Hardware Management Console management must be accomplished by using the out-of-band or direct connection method. |
| ☐ | SV-30052r2_rule | Unauthorized partitions must not exist on the system complex. |
| ☐ | SV-30053r2_rule | On Classified Systems, Logical Partition must be restricted with read/write access to only its own IOCDS. |
| ☐ | SV-30055r2_rule | Processor Resource/Systems Manager (PR/SM) must not allow unrestricted issuing of control program commands. |
| ☐ | SV-30056r2_rule | Classified Logical Partition (LPAR) channel paths must be restricted. |
| ☐ | SV-30057r2_rule | On Classified Systems the Processor Resource/Systems Manager (PR/SM) must not allow access to system complex data. |
| ☐ | SV-30058r2_rule | Central processors must be restricted for classified/restricted Logical Partitions (LPARs). |
| ☐ | SV-30081r2_rule | Dial-out access from the Hardware Management Console Remote Support Facility (RSF) must be disabled for all classified systems. |
| ☐ | SV-31292r3_rule | DCAF Console access must require a password to be entered by each user. |
| ☐ | SV-31555r2_rule | Access to the Hardware Management Console (HMC) must be restricted by assigning users proper roles and responsibilities. |
| ☐ | SV-31556r2_rule | Audit records content must contain valid information to allow for proper incident reporting. |
| ☐ | SV-31558r2_rule | Product engineering access to the Hardware Management Console must be disabled. |
| ☐ | SV-31580r2_rule | Connection to the Internet for IBM remote support must be in compliance with the Remote Access STIGs. |
| ☐ | SV-31588r2_rule | A maximum of 60-minute delay must be specified for the password retry after 3 failed attempts to enter your password |
| ☐ | SV-31589r2_rule | Connection to the Internet for IBM remote support must be in compliance with mitigations specified in the Ports and Protocols and Services Management (PPSM) requirements. |
STIGQter: STIG Summary: