VMS – OpenVMS VAX/ALPHA Security Readiness Review Security Checklist, Version 2 Release 2

Version 2 Release 2

Final

Not available.

2005-01-28

Operating System

Compaq

OpenVMS Operating System

Versions 5.3 through 7.3

Server

The VMS - OpenVMS SRR targets conditions that undermine the integrity of security, contribute to inefficient security operations and administration, or may lead to interruption of production operations.  Additionally, the review ensures the site has properly installed and implemented the VMS/OpenVMS environment and that it is being managed in a way that is secure, efficient, and effective.  The items reviewed are based on standards and requirements published by DISA in the Security Handbook and other DoD Policy and regulations.  (There is no available VMS – OpenVMS Security Technical Implementation Guide.) The results of the SRR scripts will coincide with the VMS-OpenVMS SRR Checklist with the following: F- Finding, N/F- Not A Finding, N/A- Not Applicable, MR -Manual Review, or NR – Not Reviewed.

DISA Field Security Operations has assigned a level of urgency to each finding based on Chief Information Officer (CIO) established criteria for certification and accreditation.  All findings are based on regulations and guidelines.  All findings require correction by the host organization. Category I findings are any vulnerabilities that provide an attacker immediate access into a machine, superuser access, or access that bypasses a firewall.  Category II findings are any vulnerabilities that provide information that has a high potential of giving access to an intruder.  Category III findings are any vulnerabilities that provide information that potentially could lead to compromise.  Category IV vulnerabilities, when resolved, will prevent the possibility of degraded security.

The VMS - OpenVMS Security Checklist is composed of five major sections and two appendices.  The major sections within this checklist are sections 2A and 3A. Section 2A, the “SRR Results Report”, is comprised of a matrix that allows the reviewer to manually document vulnerabilities discovered during the Security Readiness Review (SRR). Section 3A, “Checklist Procedures”, documents procedures to instruct reviewers about how to manually perform the SRR for each specific PDI.

Not available.

Developped for the DOD.
This document is intended for IAOs, SAs, IAMs, NSOs, and others who are responsible for the configuration, management, or support of information systems.  It assumes that the reader has knowledge of the OpenVMS operating system and is familiar with common computer terminology.

Enterprise and Specialized Security-Limited Functionality.

The scripts need to be unzipped (Windows) or untarred/uncompressed (Unix) and/or copied to the host system (Windows, Unix copy commands).

Not available.

Not available.

Not available.

DOD Directive 8500.

Please refer to the Checklist or the README.txt files provided with the scripts for any comments, warnings, or detailed instructions.

Not available.

It should be noted that FSO Support for the STIGs, Checklists, and Tools is only available to DOD Customers.

Defense Information Systems Agency

Not available.

Not available.

Not available.

http://iase.disa.mil/stigs/checklist/index.html

http://iase.disa.mil/stigs/checklist/
vms-openvms_srrchklst_v2r2-01jan2005.zip

SHA1 Digest
(vms-openvms_srrchklst_v2r2-01jan2005.zip) =
b3d7468b4b756b790448f29bd4b9cf3137fc9883

SHA256 Digest
(vms-openvms_srrchklst_v2r2-01jan2005.zip) =
9de980d03031761020c7388928bb76a7e0de8a
950b2375d8478ac62c30d1c1bd

Version 2, Release 1: 2003-10-31
Version 2, Release 2: 2005-01-28

Not available.

Not available.

1080