IBM z/VM must be protected by an external firewall that has a deny-all, allow-by-exception policy.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-237966 | IBMZ-VM-002360 | SV-237966r649738_rule | CCI-000366 | medium |
| Description | ||||
| Firewalls protect computers from network attacks by blocking or limiting access to open network ports. Firewalls provide monitoring and control of communications at the external boundary of an information system to prevent and detect malicious and other unauthorized communications. | ||||
| STIG | Date | |||
| IBM zVM Using CA VM:Secure Security Technical Implementation Guide | 2022-08-31 | |||
Related Frameworks
4 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
CM-6
1.00
- DISA · V2R2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.4.1
1.00
- DISA · V2R2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.4.2
1.00
- DISA · V2R2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000366
1.00
- DISA · V2R2 · disa_xccdf · related
Details
Check Text (C-237966r649738_chk)
Ask the system administrator for a network system plan.
If there is no firewall defined for the IBM z/VM system, this is a finding.
If the firewall does not have a deny-all, allow-by-exception policy, this is a finding.
Fix Text (F-41135r649737_fix)
Ensure that the network has a firewall installed that provides a deny-all, allow-by-exception protection for the IBM z/VM system.