Unauthorized partitions must not exist on the system complex.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-24378	HLP0010	SV-30052r2_rule	ECSC-1	Medium

Description
The running of unauthorized Logical Partitions (LPARs) could allow a “Trojan horse” version of the operating environment to be introduced into the system complex. This could impact the integrity of the system complex and the confidentiality of the data that resides in it.

STIG	Date
IBM Hardware Management Console (HMC) STIG	2017-09-28

Details

Check Text ( C-2925r1_chk )
Using the Hardware Management Console, do the following: Access the Change LPAR Control Panel. (This will list the LPARs.) Compare the partition names listed on the Partition Page to the names entered on the Central Processor Complex Domain/LPAR Names table. Note: Each site should maintain a list of valid LPARS that are configured on thier system , what operating system, and the purpose of each LPAR. If unauthorized partitions exist on the system complex and the deviation is not documented, this is a FINDING.

Check Text ( C-2925r1_chk )

Using the Hardware Management Console, do the following:

Access the Change LPAR Control Panel. (This will list the LPARs.)

Compare the partition names listed on the Partition Page to the names entered on the Central Processor Complex Domain/LPAR Names table.
Note: Each site should maintain a list of valid LPARS that are configured on thier system , what operating system, and the purpose of each LPAR.
If unauthorized partitions exist on the system complex and the deviation is not documented, this is a FINDING.

Fix Text (F-2345r1_fix)
Review the LPARs on the system and remove any unauthorized LPARs. If a deviation exists, the system administrator will provide written justification for the deviation. This will be displayed by using the Change LPAR Control Panel.