Title

The Enterprise System Connection (ESCON) Director (ESCD) Application Console must be located in a secure location (Cat I impact)

Discussion

The ESCD Application Console is used to add, change, and delete port configurations and dynamically switch paths between devices. If the ESCON Director Application Console is not located in a secured location, unauthorized personnel can bypass security, access the system, and alter the environment. This could impact the integrity and confidentiality of operations. NOTE: Many newer installations no longer support the ESCD Application Console. For installations not supporting the ESCD Application Console, this check is not applicable.

Check Content

If the ESCD Application Console is present, verify the location of the ESCD Application Console, otherwise this check is not applicable. If the ESCON Director Application console is not located in a secure location this is a finding.

Fix Text

Move the (ESCD) Console Application console to a secure location and implement access control procedures to ensure access by authorized personnel only. An ESCD Console Application is used to provide data center personnel with an interface for displaying and changing an ESCD'S connectivity attributes. It is also used to install, initialize, and service an ESCON Director. Note: ESCD'S are slowly being phased out and are being replaced with FICON Directors.

Additional Identifiers

Rule ID: SV-29986r3_rule

Vulnerability ID: V-24340

Group Title: HLESC010

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.