The IBM z/VM TCP/IP ANONYMOU statement must not be coded in FTP configuration.
Overview
| Finding ID |
Version |
Rule ID |
IA Controls |
Severity |
| V-237921 |
IBMZ-VM-000680 |
SV-237921r858975_rule |
|
Medium |
| Description |
| Operating systems utilizing encryption are required to use FIPS-compliant mechanisms for authenticating to cryptographic modules. |
Details
| Check Text (C-41131r858973_chk) |
If there is no FTP Server active, this is not applicable.
Examine the "DTCPARMS" file for each active FTP server.
If there is ":ANONYMOUS" or ":ANONYMOU" statement, this is a finding.
Examine the "SRVRFTP" command.
If "ANONYMOU" is coded, this is a finding. |
| Fix Text (F-41090r858974_fix) |
| Ensure the ":ANONYMOUS" or ":ANONYMOU" statement is not coded in the "DTCPARMS" or "SRVRFTP" command. |