UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

CA VM:Secure product Password Encryption (PEF) option must be properly configured to store and transmit cryptographically-protected passwords.


Overview

Finding ID Version Rule ID IA Controls Severity
V-237911 IBMZ-VM-000480 SV-237911r858957_rule High
Description
Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. Satisfies: SRG-OS-000073-GPOS-00041, SRG-OS-000074-GPOS-00042
STIG Date
IBM zVM Using CA VM:Secure Security Technical Implementation Guide 2022-08-31

Details

Check Text ( C-41121r858955_chk )
Examine the "VMXRPI" Config file used for building the current nucleus.

If the "ENCRYP" record is missing, this is a finding.

If the "ENCRYPT" record does not specify "DES3", this is a finding.

If the DES3KEY Record is missing, this is a finding.
Fix Text (F-41080r858956_fix)
Configure the "VMXRPI" Config file to include the following records:

ENCRYPT DES3
DES3KEY word1 word2 word3 word4 word5 word6 or
DES3KEY EXIT filename EXEC|TEXT