Check: HLP0050
IBM Hardware Management Console (HMC) STIG: HLP0050 (in version v1 r5)
Title
On Classified Systems the Processor Resource/Systems Manager (PR/SM) must not allow access to system complex data. (Cat II impact)
Discussion
Allowing unrestricted access to all Logical Partition data could result in unauthorized access to, and updating of, data. This could also impact the integrity of the processing environment.
Check Content
Have the Systems Administrator or Systems Programmer use the Hardware Management Console to verify that the classified Logical Partition system data cannot be viewed by other Logical Partitions. Use the Security Definitions Panel to do this. The Global Performance Data Control option must be turned off. NOTE: The default is that the Global Performance Data Control option is turned off. If the PR/SM allows access to system complex data, then this is a FINDING.
Fix Text
Have the Systems Administrator or Systems Programmer use the Hardware Management Console to verify that the classified Logical Partition system data cannot be viewed by other Logical Partitions. Use the Security Definitions Panel to do this. The Global Performance Data Control option must be turned off.
Additional Identifiers
Rule ID: SV-30057r2_rule
Vulnerability ID: V-24382
Group Title: HLP0050
CCIs
Number | Definition |
---|---|
CCI-000213 | The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies. |
Controls
Number | Title |
---|---|
AC-3 | Access Enforcement |