IBM z/VM must be protected by an external firewall that has a deny-all, allow-by-exception policy.

From IBM z/VM Using CA VM:Secure Security Technical Implementation Guide

Associated with: CCI-000366

SV-93685r1_rule IBM z/VM must be protected by an external firewall that has a deny-all, allow-by-exception policy.

Vulnerability discussion

Firewalls protect computers from network attacks by blocking or limiting access to open network ports. Firewalls provide monitoring and control of communications at the external boundary of an information system to prevent and detect malicious and other unauthorized communications.

Check content

Ask the system administrator for a network system plan. If there is no firewall defined for the IBM z/VM system, this is a finding. If the firewall does not have a deny-all, allow-by-exception policy, this is a finding.

Fix text

Ensure that the network has a firewall installed that provides a deny-all, allow-by-exception protection for the IBM z/VM system.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.