Checklist Summary:

This checklist is based on a set of commands used with the product LJK/Security to assess the security control compliance with NIST Special Publication 800-53 Recommended Security Controls for Federal Information Systems, published February 28, 2005, on a VMS (OpenVMS) system. Discussion (preceded by an exclamation point on the line) has been added to make this list useful to those who are not using the LJK/Security product but want to test a VMS system against SP 800-53.

Checklist Role:

• Operating System

Known Issues:

Any checksums provided in the checklist are applicable to the version of VMS as released. Files replaced by VMS patches will necessarily have a different checksum.

Target Audience:

Someone fully trained in VMS System Management and use of VMS tools. Note that according to NIST SP 800-53 AC-05, Separation of Duties, this should _not_ be the same individual who has operational responsibility for the system being tested.

Target Operational Environment:

• Managed

Testing Information:

Not provided.

Regulatory Compliance:

FISMA/NIST SP 800-53 R2

Comments/Warnings/Miscellaneous:

Not provided.

Disclaimer:

Suggestions in this checklist may be appropriate for some VMS environment, but might not be appropriate for yours.

Product Support:

Controls suggested for alteration by this checklist are supported for customer alteration by the vendor of VMS.

Point of Contact:

NIST_CHECKLIST-LJK_SOFTWARE@sneakemail.com

Sponsor:

None

Licensing:

The LJK/Security product is licensed software, but using this checklist without that product is free to all.

Change History:

5-Apr-2008 V1.2 FIPS-199, NIST 800-53 R2/ICS
21- Mar-2005 V1.1 Minor corrections
1-Mar-2005 V1.0 Initial version following 28-Feb-2005 release of SP 800-53
corrected product - 1/8/2019

Dependency/Requirements:

URL	Description

References:

Reference URL	Description

NIST checklist record last modified on 01/08/2019