Processor Resource/Systems Manager (PR/SM) must not allow unrestricted issuing of control program commands.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-256864	HLP0030	SV-256864r958472_rule		Medium

Description
Unrestricted control over the issuing of system commands by a Logical Partition could result in unauthorized data access and inadvertent updates. This could result in severe damage to system resources.

STIG	Date
IBM Hardware Management Console (HMC) Security Technical Implementation Guide	2024-06-24

Details

Check Text ( C-60539r890936_chk )
Using the Hardware Management Console, verify that the Logical Partitions cannot issue control program commands to another Logical Partition. Use the PR/SM panel, known as the Security Definitions Page, to do this. The Cross Partition Control option must be turned off. NOTE: The default is that the Cross Partition Control option is turned off. If Processor Resource/Systems Manager (PR/SM) allows unrestricted issuing of control program commands then this is a FINDING

Check Text ( C-60539r890936_chk )

Using the Hardware Management Console, verify that the Logical Partitions cannot issue control program commands to another Logical Partition. Use the PR/SM panel, known as the Security Definitions Page, to do this. The Cross Partition Control option must be turned off.

NOTE: The default is that the Cross Partition Control option is turned off.

If Processor Resource/Systems Manager (PR/SM) allows unrestricted issuing of control program commands then this is a FINDING

Fix Text (F-60482r890937_fix)
Review the Security Definition parameters specified under PR/SM, and turn off the Cross Partition Control option.