U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

IBM Hardware Management Console (HMC) STIG Y23M04 Checklist Details (Checklist Revisions)

Supporting Resources:

Target:

Target CPE Name
IBM z/OS Version 1 Release 10 cpe:/o:ibm:z%2fos:1.10 (View CVEs)
IBM z/OS Version 1 Release 11 cpe:/o:ibm:z%2fos:1.11 (View CVEs)
IBM z/OS Version 1 Release 12 cpe:/o:ibm:z%2fos:1.12 (View CVEs)

Checklist Highlights

Checklist Name:
IBM Hardware Management Console (HMC) STIG
Checklist ID:
358
Version:
Y23M04
Type:
Compliance
Review Status:
Final
Authority:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:
11/08/2010

Checklist Summary:

The IBM Hardware Management Console (HMC) Overview provides guidance for secure configuration and usage of the IBM HMC Licensed Internal Code application to manage System z resources. IBM HMC Applications will be used to reference the licensed Internal Code application for the remainder of this document. The HMC is a closed platform. Specifically, this means that the customer is not given access to the underlying operating platform and is not allowed to install and run other applications on the HMC. All configuration of the HMC is accomplished using tasks provided by the HMC Application as it is the only user interface (UI) available to HMC. This document covers HMC Versions 2.9.2 and 2.10.0. The HMC is required to be a network-attached device, since this is the path HMC uses to communicate with various System z resources. This overview will describe the functions of the HMC and the Support Element. It will briefly cover the security and configuration settings of the HMC Application and how it is utilized to control the HMC/Support Element.

Checklist Role:

  • Operating System

Known Issues:

Not provided.

Target Audience:

This document applies to all DoD-administered or -managed data center networks, assets, and security domains. The requirements set forth in this document are designed to assist IAMs, Information Assurance Officers (IAOs), and System Administrators (SAs) in support of protecting DoD network infrastructures and resources.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

DoDD 8500.1

Comments/Warnings/Miscellaneous:

Not provided.

Disclaimer:

Not provided.

Product Support:

Not provided.

Point of Contact:

disa.stig_spt@mail.mil

Sponsor:

Not provided.

Licensing:

Not provided.

Change History:

Version 1, Release 3 - 25 April 2014
Version 1, Release 2 - 23 July 2013
Version 1, Release 1 - 8 November 2010
Version 1, Release 4 - 30 October 2014
Updated status to "Final" - 07 January 2015
Updated "Point of Contact" - 08 January 2015
Updated URL to reflect change to the DISA website - http --> https
updated URL - version is the same - 11/01/2017
corrected resource title - 1/24/2018
Updated URLs - 6/6/19
Updated resource per DISA - 4/27/23
Updated resource per DISA - 4/27/23

Dependency/Requirements:

URL Description

References:

Reference URL Description

NIST checklist record last modified on 04/28/2023