IBM Hardware Management Console (HMC) Policies Security Technical Implementation Guide

Version	Date	Finding Count (4)			Downloads
2	2023-03-20 2010-11-09 2010-11-09 2010-11-09 2010-11-09 2010-11-09 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14 2015-01-14	CAT I (High): 0	CAT II (Med): 1	CAT III (Low): 3	Excel	JSON	XML

STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Classified	Public	Sensitive
I - Mission Critical Classified	I - Mission Critical Public	I - Mission Critical Sensitive	II - Mission Support Classified	II - Mission Support Public	II - Mission Support Sensitive	III - Administrative Classified	III - Administrative Public	III - Administrative Sensitive

Finding ID	Severity	Title	Description
V-256856	Medium	Backup of critical data for the HMC and its components must be documented and tracked	If procedures for performing backup and recovery of critical data for the HMC is not in place, system recoverability may be jeopardized and overall security compromised.
V-256853	Low	Initial Program Load (IPL) Procedures must exists for each partition defined to the system.	If procedures for performing IPLs are not in place, it is extremely difficult to ensure overall operating system integrity.
V-256855	Low	System shutdown procedures documentation must exist for each partition defined to the system.	If procedures for performing system shutdowns are not in place, it is extremely difficult to ensure overall data and operating system integrity.
V-256854	Low	Power On Reset (POR) Procedures must be documented for each system.	If procedures for performing PORs are not in place, it is extremely difficult to ensure overall operating system integrity