Checklist Summary |
The VMS - OpenVMS SRR targets conditions that undermine
the integrity of security, contribute to inefficient
security operations and administration, or
may lead to interruption of production operations.
Additionally, the review ensures the site
has properly installed and implemented the
VMS/OpenVMS environment and that it is being
managed in a way that is secure, efficient,
and effective. The items reviewed are
based on standards and requirements published
by DISA in the Security Handbook and other
DoD Policy and regulations. (There is
no available VMS – OpenVMS Security Technical
Implementation Guide.) The results of the
SRR scripts correspond to the VMS-OpenVMS
SRR Checklist and use the following status codes:
F (Finding), N/F (Not a Finding), N/A (Not Applicable),
MR (Manual Review), or NR (Not Reviewed).

DISA Field Security Operations has assigned a level of
urgency to each finding based on Chief Information
Officer (CIO) established criteria for certification
and accreditation. All findings are
based on regulations and guidelines.
All findings require correction by the host
organization. Category I findings are any
vulnerabilities that provide an attacker immediate
access into a machine, superuser access, or
access that bypasses a firewall. Category
II findings are any vulnerabilities that provide
information that has a high potential of giving
access to an intruder. Category III
findings are any vulnerabilities that provide
information that potentially could lead to
compromise. Category IV vulnerabilities,
when resolved, will prevent the possibility
of degraded security.

The VMS - OpenVMS Security Checklist is composed of five
major sections and two appendices. The
major sections within this checklist are Sections
2A and 3A. Section 2A, the “SRR Results Report”,
consists of a matrix that allows the reviewer
to manually document vulnerabilities discovered
during the Security Readiness Review (SRR).
Section 3A, “Checklist Procedures”, documents
procedures that instruct reviewers on how
to manually perform the SRR for each specific
PDI.
|
Target Audience |
Developed for the DoD.
This document is intended for IAOs, SAs, IAMs,
NSOs, and others who are responsible for the
configuration, management, or support of information
systems. It assumes that the reader
has knowledge of the OpenVMS operating system
and is familiar with common computer terminology.
|
Comments, Warnings, Disclaimer, Miscellaneous |
Please refer to the Checklist or the README.txt files provided
with the scripts for any comments, warnings,
or detailed instructions.
|