The IBM z/VM TCP/IP configuration must include an SSLSERVERID statement.

From IBM z/VM Using CA VM:Secure Security Technical Implementation Guide

Part of SRG-OS-000033-GPOS-00014

Associated with: CCI-000068 CCI-001453 CCI-002418 CCI-002421 CCI-002422 CCI-002890 CCI-003123

SV-93565r1_rule The IBM z/VM TCP/IP configuration must include an SSLSERVERID statement.

Vulnerability discussion

The Secure Socket Layer (SSL) server provides processing support for secure (encrypted) communication between remote clients and z/VM TCP/IP application servers that are configured for secure communications. The TCP/IP (stack) server routes requests for secure connections to an SSL server, which interacts with a client on behalf of an application server to perform handshake operations and the exchange of cryptographic parameters for a secure session. The SSL server then manages the encryption and decryption of data for an established, secure session.

Remote access is access to DoD nonpublic information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network. Remote access methods include, for example, dial-up, broadband, and wireless.

Encryption provides a means to secure the remote connection to prevent unauthorized access to the data traversing the remote access connection (e.g., RDP), thereby providing a degree of confidentiality. The encryption strength of a mechanism is selected based on the security categorization of the information.

Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session.

Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000250-GPOS-00093, SRG-OS-000424-GPOS-00188, SRG-OS-000426-GPOS-00190, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPOS-00174, SRG-OS-000423-GPOS-00187

Check content

Examine the “SSLSERVERID” statement in the TCP/IP server configuration file. If the “SSLSERVERID” statement identifies at least one userID for an SSL server, this is not a finding.
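The check above can be scripted against an exported copy of the TCP/IP server configuration file. The following is an added example, not part of the STIG or of IBM's tooling. It assumes that `;` starts a comment, that statements are blank-delimited and may wrap across lines, and that a user ID is 1 to 8 characters. The function names and sample profiles are hypothetical, and any operand that is not a plain user ID is reported as a finding so that it gets a manual look.

```python
import re

# Assumption: a z/VM user ID is 1-8 characters drawn from this set.
USERID = re.compile(r"^[A-Z0-9@#$_-]{1,8}$")
# Statement keywords that must not be mistaken for a user ID operand
# (limited to the statements this rule mentions).
KEYWORDS = {"SSLSERVERID", "AUTOLOG", "ENDAUTOLOG"}


def strip_comments(text):
    # Assumption: ';' begins a comment that runs to the end of the line.
    return "\n".join(line.split(";", 1)[0] for line in text.splitlines())


def sslserverid_userids(profile_text):
    """Return the user ID named by each active SSLSERVERID statement."""
    tokens = strip_comments(profile_text).upper().split()
    found = []
    for i, tok in enumerate(tokens[:-1]):
        operand = tokens[i + 1]
        if tok == "SSLSERVERID" and operand not in KEYWORDS \
                and USERID.match(operand):
            found.append(operand)
    return found


def is_finding(profile_text):
    """True when no SSLSERVERID statement identifies an SSL server user ID."""
    return not sslserverid_userids(profile_text)


# Constructed, simplified sample profiles (not taken from a real system).
COMPLIANT = """\
; SSL server is named before the AUTOLOG list
sslserverid
    sslserv      ; operand wrapped onto the next line
AUTOLOG
  FTPSERVE
ENDAUTOLOG
"""
COMMENTED_OUT = "; SSLSERVERID SSLSERV\nAUTOLOG\n  FTPSERVE\nENDAUTOLOG\n"
NO_OPERAND = "SSLSERVERID\nAUTOLOG\n  FTPSERVE\nENDAUTOLOG\n"

if __name__ == "__main__":
    for name in ("COMPLIANT", "COMMENTED_OUT", "NO_OPERAND"):
        verdict = "finding" if is_finding(globals()[name]) else "not a finding"
        print(f"{name}: {verdict}")
```

The commented-out and operand-less samples are the cases a plain text search for the keyword would wrongly pass.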

Fix text

Configure the “SSLSERVERID” statement to force auto logging of an SSL server before all other servers in the “AUTOLOG” list.
