IBM Hardware Management Console (HMC) Security Technical Implementation Guide

Version: V2R1
Release Date: Jun 24, 2024
SCAP Benchmark ID: IBM_HMC_STIG
Total Checks: 35
Tags: other
CAT I: 10, CAT II: 24, CAT III: 1

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.


Checks (35)

  • V-256857 (HIGH): The Enterprise System Connection (ESCON) Director (ESCD) Application Console must be located in a secure location
  • V-256858 (MEDIUM): Sign-on to the ESCD Application Console must be restricted to only authorized personnel.
  • V-256859 (HIGH): The ESCON Director Application Console Event log must be enabled.
  • V-256860 (MEDIUM): The Distributed Console Access Facility (DCAF) Console must be restricted to only authorized personnel.
  • V-256861 (MEDIUM): DCAF Console access must require a password to be entered by each user.
  • V-256862 (MEDIUM): Unauthorized partitions must not exist on the system complex.
  • V-256863 (MEDIUM): On Classified Systems, Logical Partition must be restricted with read/write access to only its own IOCDS.
  • V-256864 (MEDIUM): Processor Resource/Systems Manager (PR/SM) must not allow unrestricted issuing of control program commands.
  • V-256865 (HIGH): Classified Logical Partition (LPAR) channel paths must be restricted.
  • V-256866 (MEDIUM): On Classified Systems the Processor Resource/Systems Manager (PR/SM) must not allow access to system complex data.
  • V-256867 (HIGH): Central processors must be restricted for classified/restricted Logical Partitions (LPARs).
  • V-256868 (HIGH): The Hardware Management Console must be located in a secure location.
  • V-256869 (MEDIUM): Dial-out access from the Hardware Management Console Remote Support Facility (RSF) must be restricted to an authorized vendor site.
  • V-256870 (HIGH): Dial-out access from the Hardware Management Console Remote Support Facility (RSF) must be disabled for all classified systems.
  • V-256871 (MEDIUM): Access to the Hardware Management Console must be restricted to only authorized personnel.
  • V-256872 (MEDIUM): Access to the Hardware Management Console (HMC) must be restricted by assigning users proper roles and responsibilities.
  • V-256873 (MEDIUM): Automatic Call Answering to the Hardware Management Console must be disabled.
  • V-256874 (MEDIUM): The Hardware Management Console Event log must be active.
  • V-256875 (HIGH): The manufacturer’s default passwords must be changed for all Hardware Management Console (HMC) Management software.
  • V-256876 (MEDIUM): Predefined task roles to the Hardware Management Console (HMC) must be specified to limit capabilities of individual users.
  • V-256877 (MEDIUM): Individual user accounts with passwords must be maintained for the Hardware Management Console operating system and application.
  • V-256878 (MEDIUM): The PASSWORD History Count value must be set to 10 or greater.
  • V-256879 (MEDIUM): The PASSWORD expiration day(s) value must be set to equal or less than 60 days.
  • V-256880 (MEDIUM): Maximum failed password attempts before disable delay must be set to 3 or less.
  • V-256881 (LOW): A maximum of 60-minute delay must be specified for the password retry after 3 failed attempts to enter your password
  • V-256882 (MEDIUM): The password values must be set to meet the requirements in accordance with DODI 8500.2 for DoD information systems processing sensitive information and above, and CJCSI 6510.01E (INFORMATION ASSURANCE [IA] AND COMPUTER NETWORK DEFENSE [CND]).
  • V-256883 (MEDIUM): The terminal or workstation must lock out after a maximum of 15 minutes of inactivity, requiring the account password to resume.
  • V-256884 (MEDIUM): The Department of Defense (DoD) logon banner must be displayed prior to any login attempt.
  • V-256885 (MEDIUM): A private web server must subscribe to certificates, issued from any DOD-authorized Certificate Authority (CA), as an access control mechanism for web users.
  • V-256886 (MEDIUM): Hardware Management Console audit record content data must be backed up.
  • V-256887 (MEDIUM): Audit records content must contain valid information to allow for proper incident reporting.
  • V-256888 (MEDIUM): Hardware Management Console management must be accomplished by using the out-of-band or direct connection method.
  • V-256889 (HIGH): Product engineering access to the Hardware Management Console must be disabled.
  • V-256890 (HIGH): Connection to the Internet for IBM remote support must be in compliance with the Remote Access STIGs.
  • V-256891 (HIGH): Connection to the Internet for IBM remote support must be in compliance with mitigations specified in the Ports and Protocols and Services Management (PPSM) requirements.