Check: HMC0035
IBM Hardware Management Console (HMC) STIG:
HMC0035
(in version v1 r5)
Title
Dial-out access from the Hardware Management Console Remote Support Facility (RSF) must be disabled for all classified systems. (Cat I impact)
Discussion
This feature will not be activated for any classified systems. Allowing dial-out access from the Hardware Management Console could impact the integrity of the environment by enabling the possible introduction of spyware or other malicious code.
Check Content
Have the Systems Administrator or Systems Programmer validate that dial-out access from the Hardware Management Console is not activated for any classified systems. Note: This can be accomplished by going to the Customize Remote Service Panel on the Hardware Management Console and verifying that enable remote service is not enabled. If this is a classified system and enable remote service is enabled, then this is a FINDING.
Fix Text
Have the Systems Administrator or Systems Programmer validate that dial-out access from the Hardware Management Console is not activated for any classified systems. Note: This can be accomplished by going to the Customize Remote Service Panel on the Hardware Management Console and verifying that enable remote service is not enabled.
Additional Identifiers
Rule ID: SV-30081r2_rule
Vulnerability ID: V-24398
Group Title: HMC0035
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001762 |
The organization disables organization-defined functions, ports, protocols, and services within the information system deemed to be unnecessary and/or nonsecure. |
Controls
| Number | Title |
|---|---|
| CM-7 (1) |
Periodic Review |