IBM z/VM must be protected by an external firewall that has a deny-all, allow-by-exception policy.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-237966 | IBMZ-VM-002360 | SV-237966r649738_rule | Medium |
| Description |
|---|
| Firewalls protect computers from network attacks by blocking or limiting access to open network ports. Firewalls provide monitoring and control of communications at the external boundary of an information system to prevent and detect malicious and other unauthorized communications. |
| STIG | Date |
|---|---|
| IBM zVM Using CA VM:Secure Security Technical Implementation Guide | 2021-06-16 |
Details
| Check Text ( C-41176r649736_chk ) |
|---|
| Ask the system administrator for a network system plan. If there is no firewall defined for the IBM z/VM system, this is a finding. If the firewall does not have a deny-all, allow-by-exception policy, this is a finding. |
| Fix Text (F-41135r649737_fix) |
|---|
| Ensure that the network has a firewall installed that provides a deny-all, allow-by-exception protection for the IBM z/VM system. |