Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-237898 | IBMZ-VM-000020 | SV-237898r858925_rule | High |
Description |
---|
A comprehensive account management process such as provided by External Security Managers (ESM) which includes automation helps to ensure accounts designated as requiring attention are consistently and promptly addressed. Examples include, but are not limited to, using automation to take action on multiple accounts designated as inactive, suspended, or terminated, or by disabling accounts located in non-centralized account stores such as multiple servers. This requirement applies to all account types, including individual/user, shared, group, system, guest/anonymous, emergency, developer/manufacturer/vendor, temporary, and service. DTCPARMS setting assures that an ESM is enabled. Account management functions include: assigning group or role membership; identifying account type; specifying user access authorizations (i.e., privileges); account removal, update, or termination; and administrative alerts. |
STIG | Date |
---|---|
IBM zVM Using CA VM:Secure Security Technical Implementation Guide | 2022-08-31 |
Check Text ( C-41108r858924_chk ) |
---|
Determine location of "DTCPARMS" File for each of the following installed servers: FTP (FTPSERVE) IMAP (IMAP) NFS (VMNFS) REXEC (REXECD) If each "DTCPARMS" file includes the following statements, this is not a finding. :ESM_Enable.YES :ESM_Racroute.YES (or a valid exit name) :ESM_Validate.YES (or a valid exit name) |
Fix Text (F-41067r649533_fix) |
---|
For each of the following installed severs: FTP (FTPSERVE) IMAP (IMAP) NFS (VMNFS) REXEC (REXECD) Configure the DTCPARMS file in the TCP/IP configuration to include the following statements: :ESM_Enable.YES :ESM_Racroute.YES (or a valid exit name) :ESM_Validate.YES (or a valid exit name) |