Check: HMC0100
IBM Hardware Management Console (HMC) STIG:
HMC0100
(in version v1 r5)
Title
Individual user accounts with passwords must be maintained for the Hardware Management Console operating system and application. (Cat II impact)
Discussion
Without identification and authentication, unauthorized users could reconfigure the Hardware Management Console or disrupt its operation by logging in to the system or application and execute unauthorized commands. The System Administrator will ensure individual user accounts with passwords are set up and maintained for the Hardware Management Console.
Check Content
Have the System Administrator prove that individual USER IDs are specified for each user and DD2875 are on file for each user. If USERIDs are shared among multiple users and crresponding DD2875 forms do not exist for each user, then this is a FINDING.
Fix Text
Have the System Administrator verify that all users of the Hardware Management Console are individually defined with USER IDs and passwords and that their roles and responsibilities are documented. Verify that a DD2875 exists for each USER ID.
Additional Identifiers
Rule ID: SV-30023r2_rule
Vulnerability ID: V-24355
Group Title: HMC0100
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000760 |
The organization develops procedures to facilitate the implementation of the identification and authentication policy and associated identification and authentication controls. |
Controls
| Number | Title |
|---|---|
| IA-1 |
Identification And Authentication Policy And Procedures |