← Back to IBM Hardware Management Console (HMC) Security Technical Implementation Guide

V-256859

CAT I (High)

The ESCON Director Application Console Event log must be enabled.

Rule ID

SV-256859r958442_rule

STIG

IBM Hardware Management Console (HMC) Security Technical Implementation Guide

Version

V2R1

CCIs

CCI-000169

Discussion

The ESCON Director Console Event Log is used to record all ESCON Director Changes. Failure to create an ESCON Director Application Console Event log results in the lack of monitoring and accountability of configuration changes. In addition, its use in the execution of a contingency plan could be compromised and security degraded. NOTE: Many newer installations no longer support the ESCON Director Console. For installations not supporting the ESCON Director Console, this check is not applicable.

Check Content

If the ESCON Director Console is present, verify on the ESCON Director Application Console that the Event log is in use, otherwise this check is not applicable.

If no Event log exists, this is a finding.

Fix Text

Ensure that an ESCON Director Application Console log is created and in use every time the system is switched on.

The ESCON Director maintains an audit trail at the ESCD console’s fixed disk. This audit trail logs the time, date, and password identification when changes have been made to the ESCON Director.