← Back to IBM Hardware Management Console (HMC) Security Technical Implementation Guide

V-256877

CAT II (Medium)

Individual user accounts with passwords must be maintained for the Hardware Management Console operating system and application.

Rule ID

SV-256877r958482_rule

STIG

IBM Hardware Management Console (HMC) Security Technical Implementation Guide

Version

V2R1

CCIs

CCI-000760

Discussion

Without identification and authentication, unauthorized users could reconfigure the Hardware Management Console or disrupt its operation by logging in to the system or application and execute unauthorized commands. The System Administrator will ensure individual user accounts with passwords are set up and maintained for the Hardware Management Console.

Check Content

Have the System Administrator prove that individual USER IDs are specified for each user and DD2875 are on file for each user. 

If USERIDs are shared among multiple users and crresponding DD2875 forms do not exist for each user, then this is a FINDING.

Fix Text

Have the System Administrator verify that all users of the Hardware Management Console are individually defined with USER IDs  and passwords and that their roles and responsibilities are documented. Verify that a DD2875 exists for each USER ID.