Title

Access to the Hardware Management Console (HMC) must be restricted by assigning users proper roles and responsibilities. (Cat II impact)

Discussion

Access to the HMC if not properly controlled and restricted by assigning users proper roles and responsibilities, could allow modification to areas outside the need-to-know and abilities of the individual resulting in a bypass of security and an altering of the environment. This would result in a loss of secure operations and can cause an impact to data operating environment integrity.

Check Content

Have the System Administrator verify to the reviewer that the Roles and Responsibilities assigned are assigned to the proper individuals by their areas of responsibility. Note: Sites must have a list of valid HMC users, indicating their USERID, Date of DD2875, and roles and responsibilities. Have the System Administrator verify to the reviewer that the Roles and Responsibilities assigned are assigned to the proper individuals by their areas of responsibility. To display user roles chose User Profiles and then select the user for modification. View Task Roles and Manager Resources Roles. If the HMC user-IDs displayed by the System Administrator are not properly assigned by Roles and Responsibilities, then this is a FINDING.

Fix Text

Have the System Administrator using the list user IDs and responsibilities, validate that each user is properly specified in the HMC based on his/her roles and responsibilities. Note: Sites must have a list of valid HMC users, indicating their USERID, Date of DD2785, roles and responsibilities To display user roles choose User Profiles and then select the user for modification. View Task Roles and Manager Roles.

Additional Identifiers

Rule ID: SV-31555r2_rule

Vulnerability ID: V-25386

Group Title: HMC0045

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.