The IBM z/VM TCP/IP ANONYMOU statement must not be coded in FTP configuration.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-237921 | SRG-OS-000121-GPOS-00062 | IBMZ-VM-000680 | SV-237921r858975_rule | 2022-08-31 | 2 |
| Description |
|---|
| Operating systems utilizing encryption are required to use FIPS-compliant mechanisms for authenticating to cryptographic modules. |
| ℹ️ Check |
|---|
| If there is no FTP Server active, this is not applicable. Examine the "DTCPARMS" file for each active FTP server. If there is ":ANONYMOUS" or ":ANONYMOU" statement, this is a finding. Examine the "SRVRFTP" command. If "ANONYMOU" is coded, this is a finding. |
| ✔️ Fix |
|---|
| Ensure the ":ANONYMOUS" or ":ANONYMOU" statement is not coded in the "DTCPARMS" or "SRVRFTP" command. |