Check: HMC0050
IBM Hardware Management Console (HMC) STIG:
HMC0050
(in version v1 r5)
Title
Automatic Call Answering to the Hardware Management Console must be disabled. (Cat II impact)
Discussion
Automatic Call Answering to the Hardware Management Console allows unrestricted access by unauthorized personnel and could lead to a bypass of security, access to the system, and alteration of the environment. This would result in a loss of secure operations and impact the integrity of the operating environment, files, and programs. Note: Dial-in access to the Hardware Management Console is prohibited. Also, many newer processors (e.g., zEC12/zBC12 processors) will not have modems. If there is no modem, this check is not applicable.
Check Content
Have the System Administrator verify whether either the Enable Remote Operations parameter or the Automatic Call Answering parameter is active on the Enable Hardware Management Console Services panel. Enable Remote Operations is found under Customize Remote Services, and Automatic Call Answering is found under Customize Auto Answer Settings. If either of these options is active, this is a FINDING.
Fix Text
The System Administrator must set the dial-in facility to off. Do this by ensuring that both the Enable Remote Operations parameter and the Automatic Call Answering parameter are turned off. As noted in Check Content, Enable Remote Operations is found under Customize Remote Services, and Automatic Call Answering is found under Customize Auto Answer Settings.
Additional Identifiers
Rule ID: SV-30013r3_rule
Vulnerability ID: V-24350
Group Title: HMC0050
CCIs
Number | Definition |
---|---|
CCI-002227 | The organization restricts privileged accounts on the information system to organization-defined personnel or roles. |
CCI-002235 | The information system prevents non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. |