Hardware Management Console audit record content data must be backed up.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-24364	HMC0180	SV-30032r1_rule	COSW-1 ECTB-1	Medium

Description
The Hardware Management Console has the ability to backup and display the following data: 1) Critical console data 2) Critical hard disk information 3) Backup of critical CPC data and 4) Security Logs. Failure to backup and archive the listed data could make auditing of system incidents and history unavailable and could impact recovery for failed components.

STIG	Date
IBM Hardware Management Console (HMC) STIG	2013-06-26

Details

Check Text ( C-29885r1_chk )
Have the System Administrator produce a log by date validating that backups are being performed for Security logs and Critical console data. To accomplish backups follow the procedures listed below. Archive Security Logs: The DVD-RAM used for archiving security logs must be formatted with a volume label of ACTSECLG. You cannot perform this task remotely. Use this task to archive a security log for the console. When the Archive Security Logs window is displayed, verify that the console shown in the window list is the one whose security log you want to archive. To archive a Security log: Open the Archive Security Logs task. The Archive Security Logs window is displayed. Verify the console shown in the window list is the one whose security log you want to archive. Note: Ensure that the DVD-RAM that you will be using for archiving is in the drive. Click Archive to start the procedure. Backup Critical Console Data The DVD-RAM used for the Backup Critical Console Data task must be formatted with a volume label of ACTBKP. To back up console data: Open the Backup Critical Console Data task. The Backup Critical Console Data Confirmation window is displayed. Insert the backup DVD-RAM, and then click Backup to begin. The Backup Critical Console Data Progress window is displayed. When backup is complete, click OK.

Check Text ( C-29885r1_chk )

Have the System Administrator produce a log by date validating that backups are being performed for Security logs and Critical console data.

To accomplish backups follow the procedures listed below.

Archive Security Logs:

The DVD-RAM used for archiving security logs must be formatted with a volume label of ACTSECLG.
You cannot perform this task remotely.
Use this task to archive a security log for the console. When the Archive Security Logs window is displayed, verify that the console shown in the window list is the one whose security log you want to archive.

To archive a Security log:

Open the Archive Security Logs task. The Archive Security Logs window is displayed.
Verify the console shown in the window list is the one whose security log you want to archive.

Note: Ensure that the DVD-RAM that you will be using for archiving is in the drive.

Click Archive to start the procedure.

Backup Critical Console Data

The DVD-RAM used for the Backup Critical Console Data task must be formatted with a volume label of ACTBKP.

To back up console data:
Open the Backup Critical Console Data task. The Backup Critical Console Data Confirmation window is displayed.

Insert the backup DVD-RAM, and then click Backup to begin.

The Backup Critical Console Data Progress window is displayed.

When backup is complete, click OK.

Fix Text (F-26781r1_fix)
The System Administrator will see that a log exists to verify that backups are being performed. This list will have the DVD, date and reason for the backup. Backup security logs. This task will archive a security log for the console. The backup critical console data backs up the data that is stored on your Hardware Management Console hard disk and is critical to support Hardware Management Console operations. You should back up the Hardware Management Console data after changes have been made to the Hardware Management Console or to the information associated with the processor cluster. Information associated with processor cluster changes is usually information that you are able to modify or add to the Hardware Management Console hard disk. Association of an activation profile to an object, the definition of a group, hardware configuration data, and receiving internal code changes are examples of modifying and adding information, respectively. Use this task after customizing your processor cluster in any way. A backup copy of hard disk information may be restored to your Hardware Management Console following the repair or replacement of the fixed disk.

Fix Text (F-26781r1_fix)

The System Administrator will see that a log exists to verify that backups are being performed. This list will have the DVD, date and reason for the backup.

Backup security logs. This task will archive a security log for the console.

The backup critical console data backs up the data that is stored on your Hardware Management Console hard disk and is critical to support Hardware Management Console operations. You should back up the Hardware Management Console data after changes have been made to the Hardware Management Console or to the information associated with the processor cluster. Information associated with processor cluster changes is usually information that you are able to modify or add to the Hardware Management Console hard disk. Association of an activation profile to an object, the definition of a group, hardware configuration data, and receiving internal code changes are examples of modifying and adding information, respectively. Use this task after customizing your processor cluster in any way. A backup copy of hard disk information may be restored to your Hardware Management Console following the repair or replacement of the fixed disk.