An error occurred:

Check: HLP0030

IBM Hardware Management Console (HMC) STIG: HLP0030 (in version v1 r5)

Title

Processor Resource/Systems Manager (PR/SM) must not allow unrestricted issuing of control program commands. (Cat II impact)

Discussion

Unrestricted control over the issuing of system commands by a Logical Partition could result in unauthorized data access and inadvertent updates. This could result in severe damage to system resources.

Check Content

Using the Hardware Management Console, verify that the Logical Partitions cannot issue control program commands to another Logical Partition. Use the PR/SM panel, known as the Security Definitions Page, to do this. The Cross Partition Control option must be turned off. NOTE: The default is that the Cross Partition Control option is turned off. If Processor Resource/Systems Manager (PR/SM) allows unrestricted issuing of control program commands then this is a FINDING

Fix Text

Review the Security Definition parameters specified under PR/SM, and turn off the Cross Partition Control option.

Additional Identifiers

Rule ID: SV-30055r2_rule

Vulnerability ID: V-24380

Group Title: HLP0030

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000226

The information system provides the capability for a privileged administrator to configure organization-defined security policy filters to support different security policies.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check