Checklist Summary:

This checklist is based on a set of commands used with the product LJK/Security to assess the security control compliance with CNSSI 1253 on a VMS (OpenVMS) system. Discussion (preceded by an exclamation point on the line) has been added to make this list useful to those who are not using the LJK/Security product but want to test a VMS system against CNSSI 1253.

Checklist Role:

• Operating System

Known Issues:

Any checksums provided in the checklist are applicable to the version of VMS as released. Files replaced by VMS patches will necessarily have a different checksum.

Target Audience:

Someone fully trained in VMS System Management and use of VMS tools. Note that according to AC-05, Separation of Duties, this should _not_ be the same individual who has operational responsibility for the system being tested.

Target Operational Environment:

• Managed

Testing Information:

Not applicable.

Regulatory Compliance:

CNSS Instruction 1253, Security Categorization and Control Selection for National Security Systems Version 1, published October 2009

Comments/Warnings/Miscellaneous:

None

Disclaimer:

Suggestions in this checklist may be appropriate for some VMS environment, but might not be appropriate for yours.

Product Support:

Controls suggested for alteration by this checklist are supported for customer alteration by the vendor of VMS

Point of Contact:

NIST_CHECKLIST-LJK_SOFTWARE@sneakemail.com

Sponsor:

None.

Licensing:

The LJK/Security product is licensed software, but using this checklist without that product is free to all.

Change History:

Dependency/Requirements:

URL	Description

References:

Reference URL	Description

NIST checklist record last modified on 07/11/2012