Checklist Summary:

The VMS - OpenVMS SRR targets conditions that undermine the integrity of security, contribute to inefficient security operations and administration, or may lead to interruption of production operations. Additionally, the review ensures the site has properly installed and implemented the VMS/OpenVMS environment and that it is being managed in a way that is secure, efficient, and effective. The items reviewed are based on standards and requirements published by DISA in the Security Handbook and other DoD Policy and regulations. (There is no available VMS OpenVMS Security Technical Implementation Guide.) The results of the SRR scripts will coincide with the VMS-OpenVMS SRR Checklist with the following: F- Finding, N/F- Not A Finding, N/A- Not Applicable, MR -Manual Review, or NR - Not Reviewed. DISA Field Security Operations has assigned a level of urgency to each finding based on Chief Information Officer (CIO) established criteria for certification and accreditation. All findings are based on regulations and guidelines. All findings require correction by the host organization. Category I findings are any vulnerabilities that provide an attacker immediate access into a machine, superuser access, or access that bypasses a firewall. Category II findings are any vulnerabilities that provide information that has a high potential of giving access to an intruder. Category III findings are any vulnerabilities that provide information that potentially could lead to compromise. Category IV vulnerabilities, when resolved, will prevent the possibility of degraded security. The VMS - OpenVMS Security Checklist is composed of five major sections and two appendices. The major sections within this checklist are sections 2A and 3A. Section 2A, the SRR Results Report, is comprised of a matrix that allows the reviewer to manually document vulnerabilities discovered during the Security Readiness Review (SRR). Section 3A, Checklist Procedures, documents procedures to instruct reviewers about how to manually perform the SRR for each specific PDI.

Checklist Role:

• Operating System

Known Issues:

Not provided.

Target Audience:

Developped for the DOD. This document is intended for IAOs, SAs, IAMs, NSOs, and others who are responsible for the configuration, management, or support of information systems. It assumes that the reader has knowledge of the OpenVMS operating system and is familiar with common computer terminology.

Target Operational Environment:

• Managed
• Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

DOD Directive 8500.

Comments/Warnings/Miscellaneous:

Please refer to the Checklist or the README.txt files provided with the scripts for any comments, warnings, or detailed instructions.

Disclaimer:

Not provided.

Product Support:

It should be noted that FSO Support for the STIGs, Checklists, and Tools is only available to DOD Customers.

Point of Contact:

disa.stig_spt@mail.mil

Sponsor:

Not provided.

Licensing:

Not provided.

Change History:

04-17-2006 - Version 2, Release 2.3
Added point of contact
Updated URL to reflect change to the DISA website - http --> https
moved to archive status - 4/15/19

Dependency/Requirements:

URL	Description

References:

Reference URL	Description

NIST checklist record last modified on 04/15/2019