IBM zVM Using CA VM:Secure STIG

IBM zVM Using CA VM:Secure Security Technical Implementation Guide

ID Vuln ID Title Cat Status
IBMZ-VM-000940 V-237938 CA VM:Secure product audit records must offload audit records to a different system or media. Cat II
IBMZ-VM-001020 V-237944 The IBM z/VM JOURNALING statement must be properly configured. Cat II
IBMZ-VM-000760 V-237929 The IBM z/VM TCP/IP must be configured to display the mandatory DoD Notice and Consent banner before granting access to the system. Cat II
IBMZ-VM-001280 V-237962 CA VM:Secure product Rules Facility must be restricted to appropriate personnel. Cat II
IBMZ-VM-000710 V-237924 The IBM z/VM SYSTEM CONFIG file must be configured to clear TDISK on IPL. Cat II
IBMZ-VM-002370 V-237967 The IBM z/VM System administrator must develop routines and processes for notification in the event of audit failure. Cat II
IBMZ-VM-000460 V-237909 All digital certificates in use must have a valid path to a trusted Certification authority. Cat II
IBMZ-VM-000930 V-237937 The IBM z/VM journal minidisk space allocation must be large enough for one weeks worth of audit records. Cat II
IBMZ-VM-000070 V-237904 The IBM z/VM LOGO configuration file must be configured to display the Standard Mandatory DoD Notice and Consent Banner until users acknowledge the usage conditions and take explicit actions to log on for further access. Cat II
IBMZ-VM-000560 V-237915 IBM z/VM must be configured to disable non-essential capabilities. Cat II
IBMZ-VM-000480 V-237911 CA VM:Secure product Password Encryption (PEF) option must be properly configured to store and transmit cryptographically-protected passwords. Cat I
IBMZ-VM-001220 V-237957 CA VM:Secure product VMXRPI configuration file must be restricted to authorized personnel. Cat II
IBMZ-VM-002340 V-237964 The IBM z/VM System administrator must develop a notification routine for account management. Cat II
IBMZ-VM-000520 V-237914 IBM zVM CA VM:Secure product PASSWORD user exit must be in use. Cat II
IBMZ-VM-001140 V-245533 The IBM z/VM CHECKSUM statement must be included in the TCP/IP configuration file. Cat II


Display this benchmark in a printer-friendly format for off-line reference. This display does not include any commands.

Version Changes

If there are multiple versions of this benchmark, Xylok can display the differences between any changes in the checks.