Check: IBMZ-VM-000990
IBM zVM STIG: IBMZ-VM-000990 (in version v1 r0.1)
Title
The IBM z/VM LOGONBY must be restricted to system administrators. (Cat II impact)
Discussion
In certain situations, software applications/programs need to execute with elevated privileges to perform required functions. However, if the privileges required for execution are at a higher level than the privileges assigned to organizational users invoking such applications/programs, those users are indirectly provided with greater privileges than assigned by the organizations. The LOGONBY statement designates up to eight user IDs that can use their own passwords to log on to and use the virtual machine.
Check Content
Examine each of the directory statements. If the “LOGONBY” statement specifies users that are not system administrators, this is a finding.
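One way to automate this check over an exported copy of the directory source, as an added example (not part of the STIG or of any IBM tooling). The administrator list, the sample entries and the function name are constructed for illustration, and the sketch assumes keywords are spelled in full and any sequence-number columns have been stripped.

```python
# Added example: flag LOGONBY user IDs that are not approved administrators.
ADMIN_IDS = {"MAINT", "SYSADM1", "SYSADM2"}  # assumed site administrator list

# Constructed sample directory source, not taken from a real system.
SAMPLE_DIRECTORY = """\
* constructed sample entries
USER TCPIP LBYONLY 128M 256M ABG
 LOGONBY MAINT SYSADM1
USER BACKUP LBYONLY 64M 64M G
 LOGONBY SYSADM2 OPER07
IDENTITY WEBSRV LBYONLY 256M 512M G
 LOGONBY DEVUSR1
 LOGONBY SYSADM1
USER GUEST01 AUTOONLY 32M 32M G
"""

# Statements that open a new directory entry; LOGONBY belongs to the latest one.
ENTRY_STARTS = {"USER", "IDENTITY", "SUBCONFIG", "PROFILE"}


def audit_logonby(directory_text, admin_ids):
    """Return [(entry, line_number, [unapproved ids])] for each finding."""
    admins = {a.upper() for a in admin_ids}
    findings = []
    entry = None
    for lineno, raw in enumerate(directory_text.splitlines(), start=1):
        tokens = raw.upper().split()
        if not tokens or tokens[0].startswith("*"):
            continue  # blank line or comment line
        keyword, operands = tokens[0], tokens[1:]
        if keyword in ENTRY_STARTS and operands:
            entry = operands[0]  # user ID (or profile name) being defined
        elif keyword == "LOGONBY":
            # Any operand outside the administrator list is a finding.
            unapproved = sorted(set(operands) - admins)
            if unapproved:
                findings.append((entry or "(no entry)", lineno, unapproved))
    return findings


if __name__ == "__main__":
    for entry, lineno, ids in audit_logonby(SAMPLE_DIRECTORY, ADMIN_IDS):
        print(f"FINDING line {lineno}: {entry} LOGONBY allows {', '.join(ids)}")
```

Each reported line is a candidate finding to confirm against the site's authoritative list of system administrators.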
Fix Text
Ensure that any “LOGONBY” statement only includes users who are system administrators.
Additional Identifiers
Rule ID:
Vulnerability ID: IBMZ-VM-000990
Group Title:
CCIs
Number | Definition |
---|---|
CCI-002233 | The information system prevents organization-defined software from executing at higher privilege levels than users executing the software. |
Controls
Number | Title |
---|---|
AC-6 (8) | Privilege Levels For Code Execution |