IBM Hardware Management Console (HMC) STIG Policies
| Version 1 Release 2 |
| 2015-01-20 |
| U_IBM_Hardware_Management_Console_Policy_V1R2_STIG_Manual-xccdf.xml |
| Policy and Documentation Vulnerabilities for IBM Hardware Management Console (HMC). |
Vulnerabilities (4)
Initial Program Load (IPL) Procedures must exists for each partition defined to the system.
Discussion
If procedures for performing IPLs are not in place, it is extremely difficult to ensure overall operating system integrity.
Fix Text
Create or refine procedures for performing IPLs for the LPARs/partitions defined on the system.
Check Content
Have the Systems Administrator validate that IPL Procedures Documentation exists for all partitions that are defined on the system. Using the Hardware Management Console, do the following: 1) Access CPC Images Group displays. (This will list the LPARs.) 2) Compare the partition names listed on the Partition Page to validate that IPL procedures exist for each entered on the Central Processor Complex Domain/LPAR Names. If IPL Procedures do not exist for each partition, this is a FINDING.
Responsibility
System Administrator
IA Controls
COTR-1
Power On Reset (POR) Procedures must be documented for each system.
Discussion
If procedures for performing PORs are not in place, it is extremely difficult to ensure overall operating system integrity
Fix Text
Create or refine procedures for performing PORs.
Check Content
Review the POR procedures with the System Administrator. Review documentation for completeness and accuracy. If no documentation exists, this is a FINDING
Responsibility
System Administrator
IA Controls
COTR-1
System shutdown procedures documentation must exist for each partition defined to the system.
Discussion
If procedures for performing system shutdowns are not in place, it is extremely difficult to ensure overall data and operating system integrity.
Fix Text
Create or refine procedures for performing system shutdowns for each partition.
Check Content
Have the System Administrator validate that System Shutdown Documentation exists for all partitions that are defined on the system. a) Using the Hardware Management Console, do the following: 1) Access CPC Images Group displays. (This will list the LPARs.) 2) Compare the partition names listed on the Partition Page to validate that System Shutdown procedures exist for each entered on the Central Processor Complex Domain/LPAR Names. If System Shutdown Procedures do not exist for each partition, this is a FINDING.
Responsibility
System Administrator
IA Controls
COTR-1
Backup of critical data for the HMC and its components must be documented and tracked
Discussion
If procedures for performing backup and recovery of critical data for the HMC is not in place, system recoverability may be jeopardized and overall security compromised.
Fix Text
Verify that procedures for backup of the critical data for the HMCs are properly documented. If not, create Backup Procedures documentation. CPC data should be backed-up when configuration or CPC- licensed internal code changes have been made or as a routine preventive maintenance procedure.
Check Content
Review the documentation for backup of critical data for a HMC with the System Administrator. Review documentation for completeness and accuracy. If no documentation exists, this is a FINDING.
Responsibility
System Administrator
IA Controls
COTR-1