Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-24355 | HMC0100 | SV-30023r1_rule | IAIA-1 IAIA-2 | Medium |
Description |
---|
Without identification and authentication, unauthorized users could reconfigure the Hardware Management Console or disrupt its operation by logging in to the system or application and execute unauthorized commands. The System Administrator will ensure individual user accounts with passwords are set up and maintained for the Hardware Management Console. |
STIG | Date |
---|---|
IBM HARDWARE MANAGEMENT CONSOLE (HMC) STIG | 2014-04-10 |
Check Text ( C-29861r1_chk ) |
---|
Have the System Administrator prove that individual USER IDs are specified for each user and DD2875 are on file for each user. If USERIDs are shared among multiple users and crresponding DD2875 forms do not exist for each user, then this is a FINDING. |
Fix Text (F-26745r1_fix) |
---|
Have the System Administrator verify that all users of the Hardware Management Console are individually defined with USER IDs and passwords and that their roles and responsibilities are documented. Verify that a DD2875 exists for each USER ID. |