Check: IBMZ-VM-000490
IBM zVM STIG:
IBMZ-VM-000490
(in version v1 r0.1)
Title
The IBM z/VM CA VM:Secure product must implement the Password Encryption Facility (PEF). (Cat I impact)
Discussion
Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised.
Check Content
Examine the “VMXRPI” Config file. If the following records are defined as below, this is not a finding. ENCRYPT DES3 record
Fix Text
Configure the “VMXRPI” Config file to include the following statement: ENCRYPT DES3
Additional Identifiers
Rule ID:
Vulnerability ID: IBMZ-VM-000490
Group Title:
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-000197 |
The information system, for password-based authentication, transmits only cryptographically-protected passwords. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| IA-5 (1) |
Password-Based Authentication |