IBM zVM Using CA VM:Secure STIG Version Comparison

There are 48 differences between versions v1 r2 (April 27, 2018) (the "left" version) and v2 r2 (Oct. 26, 2022) (the "right" version).

Check IBMZ-VM-000010 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Title

CA VM:Secure product Rules Facility must be installed and operating.

Check Content

Verify an “ACCESS "ACCESS RULE” RULE" record exists on the system using the following command: VMSECURE CONFIG PRODUCT If there is no “ACCESS "ACCESS RULE” RULE" record, this is a finding. Verify that CA VM:SECURE RULES can be added using the following command: VMSECURE RULES USER If a rules file does not open, this is a finding.

Discussion

Enterprise environments make account management for operating systems challenging and complex. A manual process for account management functions adds the risk of a potential oversight or other errors. IBM z/VM requires an external security manager to assure proper account management. Satisfies: SRG-OS-000001-GPOS-00001, SRG-OS-000080-GPOS-00048

Fix

Ensure the Rules Facility is installed and the Product Config file contains an “ACCESS "ACCESS RULES” RULES" statement.