Processor Resource/Systems Manager (PR/SM) must not allow unrestricted issuing of control program commands.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-256864	SRG-OS-000080-GPOS-00048	HLP0030	SV-256864r958472_rule	2024-06-24	2

Description
Unrestricted control over the issuing of system commands by a Logical Partition could result in unauthorized data access and inadvertent updates. This could result in severe damage to system resources.

ℹ️ Check
Using the Hardware Management Console, verify that the Logical Partitions cannot issue control program commands to another Logical Partition. Use the PR/SM panel, known as the Security Definitions Page, to do this. The Cross Partition Control option must be turned off. NOTE: The default is that the Cross Partition Control option is turned off. If Processor Resource/Systems Manager (PR/SM) allows unrestricted issuing of control program commands then this is a FINDING

ℹ️ Check

Using the Hardware Management Console, verify that the Logical Partitions cannot issue control program commands to another Logical Partition. Use the PR/SM panel, known as the Security Definitions Page, to do this. The Cross Partition Control option must be turned off. NOTE: The default is that the Cross Partition Control option is turned off. If Processor Resource/Systems Manager (PR/SM) allows unrestricted issuing of control program commands then this is a FINDING

✔️ Fix
Review the Security Definition parameters specified under PR/SM, and turn off the Cross Partition Control option.