{"stig":{"title":"IBM Hardware Management Console (HMC) Policies Security Technical Implementation Guide","version":"2","release":"1"},"checks":[{"vulnId":"V-256853","ruleId":"SV-256853r890905_rule","severity":"low","ruleTitle":"Initial Program Load (IPL) Procedures must exists for each partition defined to the system.","description":"If procedures for performing IPLs are not in place, it is extremely difficult to ensure overall operating system integrity.","checkContent":"Have the Systems Administrator validate that IPL Procedures Documentation exists for all partitions that are defined on the system. \n\nUsing the Hardware Management Console, do the following:\n\n1)\tAccess CPC Images Group displays.  (This will list the LPARs.)\n\n2)\tCompare the partition names listed on the Partition Page to validate that IPL procedures exist for each entered on the Central Processor Complex Domain/LPAR Names.  \n\n\tIf IPL Procedures do not exist for each partition, this is a FINDING.\n","fixText":"Create or refine procedures for performing IPLs for the LPARs/partitions defined on the system.\n","ccis":["V-24841"]},{"vulnId":"V-256854","ruleId":"SV-256854r890908_rule","severity":"low","ruleTitle":"Power On Reset (POR) Procedures must be documented for each system.","description":"If procedures for performing PORs are not in place, it is extremely difficult to ensure overall operating system integrity","checkContent":"Review the POR procedures with the System Administrator.\n Review documentation for completeness and accuracy.\n\n\tIf no documentation exists, this is a FINDING\n\n  \n\n","fixText":"Create or refine procedures for performing PORs.\n\n","ccis":["V-24842"]},{"vulnId":"V-256855","ruleId":"SV-256855r890911_rule","severity":"low","ruleTitle":"System shutdown procedures documentation must exist for each partition defined to the system.","description":"If procedures for performing system shutdowns are not in place, it is extremely difficult to ensure overall data and operating system integrity.","checkContent":"Have the System Administrator validate that System Shutdown Documentation exists for all partitions that are defined on the system. \n\na)\tUsing the Hardware Management Console, do the following:\n\n1)\tAccess CPC Images Group displays.  (This will list the LPARs.)\n\n2)\tCompare the partition names listed on the Partition Page to validate that System Shutdown procedures exist for each entered on the Central Processor Complex Domain/LPAR Names.  \n\n\tIf System Shutdown Procedures do not exist for each partition, this is a FINDING. \n\n\n","fixText":"Create or refine procedures for performing system shutdowns for each partition.\n","ccis":["V-24843"]},{"vulnId":"V-256856","ruleId":"SV-256856r890914_rule","severity":"medium","ruleTitle":"Backup of critical data for the HMC and its components  must be documented and tracked","description":"If procedures for performing backup and recovery of critical data for the HMC  is not in place, system recoverability may be jeopardized and overall security compromised.","checkContent":"Review the documentation for backup of critical data for a HMC with the System Administrator.\nReview documentation for completeness and accuracy.\n\nIf no documentation exists, this is a FINDING.\n\n","fixText":"Verify that procedures for backup of the critical data for the HMCs are properly documented. If not, create Backup Procedures documentation.\n\nCPC data should be backed-up when configuration or CPC- licensed internal code changes have been made or as a routine preventive maintenance procedure.","ccis":["V-24844"]}]}