CA VM:Secure product Password Encryption (PEF) option must be properly configured to store and transmit cryptographically-protected passwords.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| high | V-237911 | SRG-OS-000073-GPOS-00041 | IBMZ-VM-000480 | SV-237911r858957_rule | 2022-08-31 | 2 |
| Description |
|---|
| Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. Satisfies: SRG-OS-000073-GPOS-00041, SRG-OS-000074-GPOS-00042 |
| ℹ️ Check |
|---|
| Examine the "VMXRPI" Config file used for building the current nucleus. If the "ENCRYP" record is missing, this is a finding. If the "ENCRYPT" record does not specify "DES3", this is a finding. If the DES3KEY Record is missing, this is a finding. |
| ✔️ Fix |
|---|
| Configure the "VMXRPI" Config file to include the following records: ENCRYPT DES3 DES3KEY word1 word2 word3 word4 word5 word6 or DES3KEY EXIT filename EXEC|TEXT |