Check: HLP0050
IBM Hardware Management Console (HMC) STIG: HLP0050
(in versions v2 r1 through v1 r5)
Title
On Classified Systems the Processor Resource/Systems Manager (PR/SM) must not allow access to system complex data. (Cat II impact)
Discussion
Allowing unrestricted access to all Logical Partition data could result in unauthorized access to, and updating of, data. This could also impact the integrity of the processing environment.
Check Content
Have the Systems Administrator or Systems Programmer use the Hardware Management Console to verify that the classified Logical Partition system data cannot be viewed by other Logical Partitions. Use the Security Definitions Panel to do this. The Global Performance Data Control option must be turned off. NOTE: The default is that the Global Performance Data Control option is turned off. If the PR/SM allows access to system complex data, this is a FINDING.
Fix Text
Have the Systems Administrator or Systems Programmer use the Hardware Management Console to verify that the classified Logical Partition system data cannot be viewed by other Logical Partitions. Use the Security Definitions Panel to do this. The Global Performance Data Control option must be turned off.
Additional Identifiers
Rule ID: SV-256866r958472_rule
Vulnerability ID: V-256866
Group Title: SRG-OS-000080-GPOS-00048
CCIs
Number | Definition |
---|---|
CCI-000213 | Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. |
Controls
Number | Title |
---|---|
AC-3 | Access Enforcement |