IBM Storage Protect, formerly known as Spectrum Protect or IBM Tivoli Storage Manager (TSM), is a data backup and recovery software solution that helps organizations protect and manage their data across diverse environments. It provides centralized data protection, policy-based management, and efficient deduplication technology, enabling efficient backup, restore, and disaster recovery capabilities for organizations of all sizes.
Securing IBM Storage Protect is essential to protect critical data from unauthorized access, data breaches, and tampering. By implementing robust security measures, organizations can ensure the confidentiality, integrity, and availability of their backup and recovery operations, safeguarding sensitive information and maintaining the trust of customers and stakeholders.
Verifying the security of IBM Storage Protect is critical to identify and address potential vulnerabilities in its infrastructure, reducing the risk of security breaches and data compromise. Regular security reviews help organizations ensure that access controls, encryption, and other security measures are functioning effectively, maintaining the confidentiality, integrity, and availability of backup data. By conducting security scans, organizations can proactively assess their adherence to industry regulations, strengthen their overall security posture, and instill confidence in stakeholders regarding the protection and reliability of their backup and recovery operations.
This page provides a list of recommended secure configuration checks for IBM Storage Protect, and is periodically updated.
Interested to learn about StorageGuard Benchmark Checks for IBM Storage Protect? |
||
|
|
ID | System | Category | Configuration check |
K070E0C0P160 | IBM Storage Protect | Access Control | Approved admin users / groups |
K070E0C0P235 | IBM Storage Protect | Access Control | Idle session timeout |
K070E0C0P180 | IBM Storage Protect | Access Control | Login banner status |
K070E0C0P225 | IBM Storage Protect | Access Control | Max client session |
K070E0C0P190 | IBM Storage Protect | Access Control | Node account lockout threshold |
K070E0C0P045 | IBM Storage Protect | Authentication | Approved / Required LDAP servers (if AD used) |
K070E0C0P195 | IBM Storage Protect | Authentication | Authentication is off |
K070E0C0P075 | IBM Storage Protect | Authentication | Default authentication |
K070E0C0P030 | IBM Storage Protect | Authentication | Default passwords |
K070E0C0P165 | IBM Storage Protect | Authentication | LDAP server configuration (if AD used) |
K070E0C0P230 | IBM Storage Protect | Authentication | LDAP SSL (if AD used) |
K070E0C0P155 | IBM Storage Protect | Authentication | Max password age |
K070E0C0P115 | IBM Storage Protect | Authentication | Maximum password age |
K070E0C0P100 | IBM Storage Protect | Authentication | Minimum password digits |
K070E0C0P105 | IBM Storage Protect | Authentication | Minimum password length |
K070E0C0P200 | IBM Storage Protect | Authentication | Minimum password Length |
K070E0C0P095 | IBM Storage Protect | Authentication | Minimum password lowercase characters |
K070E0C0P085 | IBM Storage Protect | Authentication | Minimum password special characters |
K070E0C0P090 | IBM Storage Protect | Authentication | Minimum password uppercase characters |
K070E0C0P240 | IBM Storage Protect | Authentication | Multifactor authentication |
K070E0C0P110 | IBM Storage Protect | Authentication | Number of disallowed past passwords |
K070E0C0P205 | IBM Storage Protect | Authentication | Server password set status |
K070E0C0P220 | IBM Storage Protect | Authentication | SNMP default community string |
K070E0C0P025 | IBM Storage Protect | Authorization | Authorized backup user |
K070E0C0P140 | IBM Storage Protect | Authorization | Command approval is enabled |
K070E0C0P145 | IBM Storage Protect | Authorization | Command approver user is defined |
K070E0C0P005 | IBM Storage Protect | Authorization | Password file access restriction |
K070E0C0P015 | IBM Storage Protect | Authorization | Read-only commands authority level |
K070E0C0P010 | IBM Storage Protect | Authorization | Read-write commands authority level |
K070E0C0P175 | IBM Storage Protect | Configuration Management | Email alert status |
K070E0C0P170 | IBM Storage Protect | Configuration Management | Mail (SMTP) server configuration |
K070E0C0P060 | IBM Storage Protect | Data Protection | Archive retention protection |
K070E0C0P260 | IBM Storage Protect | Data Protection | Immutable backup |
K070E0C0P130 | IBM Storage Protect | Data Protection | Replication rule status |
K070E0C0P125 | IBM Storage Protect | Data Protection | Retention rule status |
K070E0C0P020 | IBM Storage Protect | Data Protection | Server database backup |
K070E0C0P210 | IBM Storage Protect | Encryption | Data at-rest encryption - storage pool |
K070E0C0P055 | IBM Storage Protect | Encryption | Data encryption strength |
K070E0C0P185 | IBM Storage Protect | Encryption | Data encryption strength |
K070E0C0P135 | IBM Storage Protect | Encryption | Master encryption key protection status |
K070E0C0P035 | IBM Storage Protect | Encryption | Secure client and server communication |
K070E0C0P040 | IBM Storage Protect | Encryption | Server session security |
K070E0C0P080 | IBM Storage Protect | Encryption | TLS level |
K070E0C0P215 | IBM Storage Protect | Hardening | FIPS for SSL (FIPS mode status) |
K070E0C0P120 | IBM Storage Protect | Hardening | FIPS mode status |
K070E0C0P250 | IBM Storage Protect | Isolation | Not member of a Windows domain |
K070E0C0P255 | IBM Storage Protect | Isolation | Unique credentials |
K070E0C0P245 | IBM Storage Protect | Isolation | Use of local users (No AD) |
K070E0C0P070 | IBM Storage Protect | Logging | Audit log retention period |
K070E0C0P065 | IBM Storage Protect | Logging | Event record retention period |
K070E0C0P150 | IBM Storage Protect | Malware Protection | Security notifications status |
And more. |
Interested to learn about StorageGuard secure configuration checks for IBM Storage Protect?
|
||
|
|
Comments
0 comments
Please sign in to leave a comment.