Processor Resource/Systems Manager (PR/SM) must not allow unrestricted issuing of control program commands.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-24380	HLP0030	SV-30055r2_rule	ECCD-1 ECCD-2	Medium

Description
Unrestricted control over the issuing of system commands by a Logical Partition could result in unauthorized data access and inadvertent updates. This could result in severe damage to system resources.

STIG	Date
IBM Hardware Management Console (HMC) STIG	2017-09-28

Details

Check Text ( C-3642r1_chk )
Using the Hardware Management Console, verify that the Logical Partitions cannot issue control program commands to another Logical Partition. Use the PR/SM panel, known as the Security Definitions Page, to do this. The Cross Partition Control option must be turned off. NOTE: The default is that the Cross Partition Control option is turned off. If Processor Resource/Systems Manager (PR/SM) allows unrestricted issuing of control program commands then this is a FINDING

Check Text ( C-3642r1_chk )

Using the Hardware Management Console, verify that the Logical Partitions cannot issue control program commands to another Logical Partition. Use the PR/SM panel, known as the Security Definitions Page, to do this. The Cross Partition Control option must be turned off.

NOTE: The default is that the Cross Partition Control option is turned off.

If Processor Resource/Systems Manager (PR/SM) allows unrestricted issuing of control program commands then this is a FINDING

Fix Text (F-2347r1_fix)
Review the Security Definition parameters specified under PR/SM, and turn off the Cross Partition Control option.