The Distributed Console Access Facility (DCAF) Console must be restricted to only authorized personnel.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-256860 | HLESC080 | SV-256860r958726_rule | CCI-002227 | medium |
| Description |
| The DCAF Console enables an operator to access the ESCON Director Application remotely. Access to a DCAF Console by unauthorized personnel could result in varying of ESCON Directors online or offline and applying configuration changes. Unrestricted use by unauthorized personnel could lead to bypass of security, unlimited access to the system, and an altering of the environment. This would result in a loss of secure operations and will impact data operating integrity of the environment. NOTE: Many newer installations no longer support the ESCON Director Application. For installations not supporting the ESCON Director Application, this check is not applicable. |
| STIG | Date |
| IBM Hardware Management Console (HMC) Security Technical Implementation Guide | 2024-06-24 |
Related Frameworks
3 paths across 3 frameworks
NIST 800-53 (1 mapping)
AC-6(5)
1.00
- DISA · V2R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-171 (1 mapping)
3.1.5
1.00
- DISA · V2R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI (1 mapping)
CCI-002227
1.00
- DISA · V2R1 · disa_xccdf · related
Details
Check Text (C-256860r958726_chk)
If the ESCON Director Application is present, verify that sign-on access to the DCAF Console is restricted to authorized personnel; otherwise, this check is not applicable.
If sign-on access to the DCAF Console is not restricted, this is a finding.
Fix Text (F-60478r890925_fix)
Review access authorization to DCAF Consoles. Ensure that all personnel are restricted to authorized levels of access.
Remote access to the LAN may be provided through DCAF via a LAN or modem connection.
DCAF passwords should be implemented to prevent unauthorized access.