← Back to IBM Hardware Management Console (HMC) Security Technical Implementation Guide

V-256885

CAT II (Medium)

A private web server must subscribe to certificates, issued from any DOD-authorized Certificate Authority (CA), as an access control mechanism for web users.

Rule ID

SV-256885r998338_rule

STIG

IBM Hardware Management Console (HMC) Security Technical Implementation Guide

Version

V2R1

CCIs

CCI-003992

Discussion

If the Hardware Management Consoles (HMC) is network-connected, use SSL encryption techniques, through digital certificates to provide message privacy, message integrity and mutual authentication between clients and servers. To maintain data integrity the IBM Certificate distributed with the HMC's is to be replaced by a DOD-authorized Certificate. Note: This check applies only to network-connected HMCs.

Check Content

The System Reviewer will have the system administrator (SA) use the Hardware Management Console Certificate Management Task to validate that the private key and certificate shipped with any network-connected HMC from IBM was replaced with an approved DOD-authorized Certificate.

Note: This check applies only to network-connected HMCs.

Note: DOD certificates should display the following Information: 'OU=PKI.OU=DoD.O=U.S. Government.C=US'

If private web server does not subscribe to certificates issued from any DOD-authorized Certificate Authority (CA) as an access control mechanism for web users, this is a finding.

Fix Text

The SA must order a DOD PKI to replace the IBM Certificate and then use the Hardware Management Console Certificate Management Task to install it.

Note: This only applies to networked HMCs.