Check: IBMZ-VM-000480
IBM zVM STIG: IBMZ-VM-000480 (in version v1 r0.1)
Title
The IBM z/VM CA VM:Secure product Password Encryption (PEF) option must be properly configured. (Cat I impact)
Discussion
Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised.
Check Content
Examine the “VMXRPI” Config file used for building the current nucleus. If the “ENCRYPT” statement is missing, this is a finding. If the “ENCRYPT” statement does not specify “DES3”, this is a finding.
Fix Text
Configure the “VMXRPI” Config file to include the following statement: ENCRYPT DES3
Additional Identifiers
Rule ID:
Vulnerability ID: IBMZ-VM-000480
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000196 | The information system, for password-based authentication, stores only cryptographically-protected passwords. |
Controls
Number | Title |
---|---|
IA-5 (1) | Password-Based Authentication |