U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CIS IBM i V7R3M0 Benchmark 1.0.0 Checklist Details (Checklist Revisions)

Supporting Resources:

Target:

Target CPE Name
IBM i System cpe:/o:ibm:i:- (View CVEs)

Checklist Highlights

Checklist Name:
CIS IBM i V7R3M0 Benchmark
Checklist ID:
1226
Version:
1.0.0
Type:
Compliance
Review Status:
Final
Authority:
Third Party: Center for Internet Security (CIS)
Original Publication Date:
06/03/2020

Checklist Summary:

This standard provides the baseline security requirements for IBM i systems. An owner must be designated for IBM i electronic information assets including the programs and the data labeled as Confidential or Highly Restricted as defined by the company’s data classification. The owner must designate an administrator who is responsible for the secure configuration and maintenance. Privileges to modify the functionality and services supported by the IBM i must be restricted to the administrator and approved by the IBM i owner. Roles and responsibilities on the IBM i must be clearly defined and documented, and address system, application and data security and operational responsibilities. Roles must include resource owners who are responsible for ensuring that appropriate security controls are defined, implemented and maintained and are ultimately accountable for security, access and performance on their designated resource. Development and production roles and responsibilities must be kept separate to ensure an appropriate segregation of duties. Security administration and/or audit roles and responsibilities should be defined to provide validation of activities performed by the administrators and other privileged users.

Checklist Role:

  • Operating System

Known Issues:

Not provided.

Target Audience:

These standards apply to all applications, databases and connections to the IBM i.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

Not provided.

Comments/Warnings/Miscellaneous:

Not provided.

Disclaimer:

Not provided.

Product Support:

Not provided.

Point of Contact:

feedback@cisecurity.org

Sponsor:

Not provided.

Licensing:

Not provided.

Change History:

new checklist - 3/1/24
Candidate to Final - 4/19/24

Dependency/Requirements:

URL Description

References:

Reference URL Description

NIST checklist record last modified on 04/19/2024