AIX7-00-001048 - AIX must protect the confidentiality and integrity of all information at rest - EFS enabled

Information

Information at rest refers to the state of information when it is located on a secondary storage device (e.g., disk drive and tape drive, when used for backups) within an operating system.

This requirement addresses protection of user-generated data, as well as operating system-specific configuration data. Organizations may choose to employ different mechanisms to achieve confidentiality and integrity protections, as appropriate, in accordance with the security category and/or classification of the information.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

If the 'clic.rte' fileset is not installed, install it using the following command:
# installp -aXYqg -d /dev/cd0 clic.rte

Run the following command to initialize and enable EFS on the system:
# efsenable -a

To create a new EFS-enabled JFS2 file system and mount it, use the following commands:
# crfs -v jfs2 -g rootvg -m /fs2 -a size=100M -a efs=yes
# mount /fs2

To enable EFS on a JFS2 file system (for example, /fs3), run the following command:
# chfs -a efs=yes /fs3
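
To confirm the result of the steps above, the following script lists the JFS2 file systems whose 'lsfs -q' detail line reports 'EFS: no'. It is an added example, not part of the STIG or the Nessus check; the sample output is constructed, its layout is an assumption about how 'lsfs -q' prints, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report JFS2 file systems that do not have EFS enabled.

# Constructed sample of `lsfs -q` output (assumed layout, not captured
# from a real host). Each file system line is followed by a detail line
# in parentheses that carries the "EFS: yes|no" attribute.
sample_lsfs_q() {
cat <<'EOF'
Name            Nodename   Mount Pt   VFS    Size     Options   Auto Accounting
/dev/fslv00     --         /fs2       jfs2   204800   rw        yes  no
  (lv size: 204800, fs size: 204800, block size: 4096, sparse files: yes, inline log: no, inline log size: 0, EAformat: v2, Quota: no, DMAPI: no, VIX: yes, EFS: yes, ISNAPSHOT: no, MAXEXT: 0, MountGuard: no)
/dev/fslv01     --         /fs3       jfs2   204800   rw        yes  no
  (lv size: 204800, fs size: 204800, block size: 4096, sparse files: yes, inline log: no, inline log size: 0, EAformat: v1, Quota: no, DMAPI: no, VIX: yes, EFS: no, ISNAPSHOT: no, MAXEXT: 0, MountGuard: no)
/proc           --         /proc      procfs --       --        yes  no
EOF
}

# Reads `lsfs -q` output on stdin and prints the mount point of every
# JFS2 file system whose detail line says "EFS: no".
jfs2_without_efs() {
  awk '
    # File system line: remember the mount point only for jfs2 entries.
    $1 ~ /^\// && NF >= 4 { mp = ($4 == "jfs2") ? $3 : ""; next }
    # Detail line belonging to the remembered jfs2 entry.
    mp != "" && /EFS: no/ { print mp }
    # Any detail line ends the current entry.
    /^[ \t]*\(/ { mp = "" }
  '
}

# On an AIX host, check the live system; elsewhere, fall back to the sample.
if command -v lsfs >/dev/null 2>&1; then
  lsfs -q
else
  sample_lsfs_q
fi | jfs2_without_efs
```

An empty result means every listed JFS2 file system reports EFS as enabled.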

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_IBM_AIX_7-x_V2R5_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-28, CAT|II, CCI|CCI-001199, Rule-ID|SV-215207r508663_rule, STIG-ID|AIX7-00-001048, STIG-Legacy|SV-101547, STIG-Legacy|V-91449, Vuln-ID|V-215207

Plugin: Unix

Control ID: a5a7c2e77f80fc4f54554a9f16fb065ba5779dcc57315a6cbbdaa5d25b5b4292