DCAF Console access must require a password to be entered by each user.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-25247	HLESC085	SV-31292r1_rule	ECCD-1 IAIA-1 IAIA-2	Medium

Description
The DCAF Console enables an operator to access the ESCON Director Application remotely. Access to a DCAF Console by unauthorized personnel could result in varying of ESCON Directors online or offline and applying configuration changes. Unrestricted use by unauthorized personnel could lead to bypass of security, unlimited access to the system, and an altering of the environment. This would result in a loss of secure operations and will impact data operating integrity of the environment.

Description

The DCAF Console enables an operator to access the ESCON Director Application remotely. Access to a DCAF Console by unauthorized personnel could result in varying of ESCON Directors online or offline and applying configuration changes. Unrestricted use by unauthorized personnel could lead to bypass of security, unlimited access to the system, and an altering of the environment. This would result in a loss of secure operations and will impact data operating integrity of the environment.

STIG	Date
IBM Hardware Management Console (HMC) STIG	2013-06-26

Details

Check Text ( C-31682r1_chk )
Have the System Administrator attempt to sign on to the DCAF Console and validate that a password is required. If sign-on access to the DCAF Console does not require a password this is a FINDING.

Fix Text (F-28169r1_fix)
Have the System Administrator review access authorization to DCAF Consoles. Ensure that all personnel are required to enter a password. Remote access to the LAN may be provided through DCAF via a LAN or modem connection. DCAF passwords should be implemented to prevent unauthorized access.