Title

The IBM z/VM CA VM:Secure product DASD CONFIG file must be restricted to appropriate personnel. (Cat II impact)

Discussion

Configuring the operating system to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements.

Check Content

Query the CA VM:Secure product rules. If there are product rules granting access to the disk on which the “DASD CONFIG” file resides for system administrators or DASD administrators only, this is not a finding.

Fix Text

Create rules in the VM:Secure product Rules Facility that restricts access to the disk where the “DASD CONFIG” file resides to system administrators or DASD administrators only.

Additional Identifiers

Rule ID:

Vulnerability ID: IBMZ-VM-001230

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.