National Vulnerability Database

National Vulnerability Database

National Vulnerability

IBM Hardware Management Console (HMC) STIG Version 1, Release 5 Checklist Details (Checklist Revisions)

Supporting Resources:


Target CPE Name
IBM z/OS Version 1 Release 10 cpe:/o:ibm:z%2fos:1.10 (View CVEs)
IBM z/OS Version 1 Release 11 cpe:/o:ibm:z%2fos:1.11 (View CVEs)
IBM z/OS Version 1 Release 12 cpe:/o:ibm:z%2fos:1.12 (View CVEs)

Checklist Highlights

Checklist Name:
IBM Hardware Management Console (HMC) STIG
Checklist ID:
Version 1, Release 5
Review Status:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:

Checklist Summary:

The IBM Hardware Management Console (HMC) Overview provides guidance for secure configuration and usage of the IBM HMC Licensed Internal Code application to manage System z resources. IBM HMC Applications will be used to reference the licensed Internal Code application for the remainder of this document. The HMC is a closed platform. Specifically, this means that the customer is not given access to the underlying operating platform and is not allowed to install and run other applications on the HMC. All configuration of the HMC is accomplished using tasks provided by the HMC Application as it is the only user interface (UI) available to HMC. This document covers HMC Versions 2.9.2 and 2.10.0. The HMC is required to be a network-attached device, since this is the path HMC uses to communicate with various System z resources. This overview will describe the functions of the HMC and the Support Element. It will briefly cover the security and configuration settings of the HMC Application and how it is utilized to control the HMC/Support Element.

Checklist Role:

  • Operating System

Known Issues:

Not provided.

Target Audience:

This document applies to all DoD-administered or -managed data center networks, assets, and security domains. The requirements set forth in this document are designed to assist IAMs, Information Assurance Officers (IAOs), and System Administrators (SAs) in support of protecting DoD network infrastructures and resources.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

DoDD 8500.1


Not provided.


Not provided.

Product Support:

Not provided.

Point of Contact:


Not provided.


Not provided.

Change History:

Version 1, Release 3 - 25 April 2014
Version 1, Release 2 - 23 July 2013
Version 1, Release 1 - 8 November 2010
Version 1, Release 4 - 30 October 2014
Updated status to "Final" - 07 January 2015
Updated "Point of Contact" - 08 January 2015
Updated URL to reflect change to the DISA website - http --> https
updated URL - version is the same - 11/01/2017
corrected resource title - 1/24/2018
Updated URLs - 6/6/19


URL Description IBM Hardware Management Console (HMC) STIG - Ver 1, Release Memo


Reference URL Description

NIST checklist record last modified on 06/06/2019