DIGITAL Software Product Description ___________________________________________________________________ PRODUCT NAME: POLYCENTER Security Compliance Manager for OpenVMS, Ver- sion 3.1 SPD 26.N1>06 DESCRIPTION POLYCENTER Security Compliance Manager is a product of Touch Technolo- gies, Inc. and licensed under Compaq Computer Corporation's Standard Terms and Conditions. POLYCENTER Security Compliance Manager for OpenVMS (POLYCENTER Secu- rity CM) is a software tool that a security or system manager uses to establish a custom security analysis and reporting system to manage the security of a network of distributed systems. With this tool, the security manager can implement and maintain a security standard con- sistent with corporate security policy for the OpenVMS nodes in the distributed computing environment. FEATURES Centralized Security Management POLYCENTER Security CM includes client-server capabilities for the cen- tral management of security on multiple OpenVMS nodes and clusters. To avail of this central management, you must also purchase and in- stall the POLYCENTER Security Console product on a PC in your network. Compaq recommends that you use POLYCENTER Security Console Manager to manage POLYCENTER Security CM. February 1999 POLYCENTER Security Compliance Manager for OpenVMS, VSPDi26.N1>06 Test Categories POLYCENTER Security CM provides tests to examine the following cat- egories of system settings: o Accounts o Auditing o Files o Network o Passwords o SYSGEN In addition, users can create their own tests and integrate them with POLYCENTER Security CM tests. POLYCENTER Security CM includes the following improved test capabil- ity: o Tests to check for the presence or absence of a specified string in the prelogin message banner and in the postlogin message ban- ner displayed by the operating system. o Additional SYSGEN parameters are supported. o All auditing parameters are supported. o There is no longer a limit on the number of user-defined test col- lections that a system manager can include in an inspector. Account Templates POLYCENTER Security CM allows the user to create account templates which can be used to group accounts according to a user's required test cri- teria. Users can group accounts that share similar characteristics or they can choose to list accounts by name. Users can then apply tests to groups of accounts. For example, it is possible to use a template to specify to the system which accounts are to be considered privi- leged accounts and then to test all privileged accounts for account 2 POLYCENTER Security Compliance Manager for OpenVMS, VSPDi26.N1>06 activity. The POLYCENTER Security Console graphical interface (GUI) is used to create account templates. Exclusion Lists In Version 3.0 it is possible to use the POLYCENTER Security Console GUI to specify files , accounts, and account templates to exclude from some of the tests. Inspectors POLYCENTER Security CM stores tests in entities called inspectors. In- spectors arrange tests hierarchically into subsystems and test col- lections. The system settings that POLYCENTER Security CM testes are defined as test values for the test collections within the inspector. System managers can use POLYCENTER Security Console to easily create and distribute inspectors to nodes and clusters running POLYCENTER Se- curity CM. Reports POLYCENTER Security CM mails reports, summarizing the results of an inspection, to a distribution list specified for each inspector. Re- ports coded in HTML for ease of navigation, can be viewed from the POLY- CENTER Security Console GUI. Reports can also be viewed from the Open- VMS node. Correcting Security Violations POLYCENTER Security CM generates lockdown command procedures that can be used to automatically reset parameters that do not comply with the requirements of the inspector. Users can view and run the command pro- cedures using the POLYCENTER Security Console GUI or the POLYCENTER Security CM command line interface (CLI). Users can also specify that POLYCENTER Security CM is to automatically run the lockdown procedure. 3 POLYCENTER Security Compliance Manager for OpenVMS, VSPDi26.N1>06 POLYCENTER Security CM also generates unlockdown command procedures that can be used to reverse the operation of the corresponding lock- down file. POLYCENTER Security CM generates a corresponding unlock- down command procedure every time it generates a lockdown command pro- cedure. Tokens POLYCENTER Security CM can generate a token after executing any in- spector. Tokens contain summaries of the inspection results. POLYCEN- TER Security CM transmits these tokens to POLYCENTER Security Report- ing Facility (SRF) for OpenVMS node using either DECnet or TCP/IP. Data being transferred is scrambled and is never sent as clear text across the network. POLYCENTER SRF extracts the data from the tokens and stores it in a relational database. POLYCENTER SRF supports centralized man- agement for distributed POLYCENTER Security CM client nodes. Desig- nated users can access this information to monitor the security com- pliance of all the nodes in a network. HARDWARE REQUIREMENTS Processors Supported for OpenVMS VAX Any VAX system that is capable of running OpenVMS VAX version 6.2 and higher with the exception of those processors specifically listed un- der Processors Not Supported. Processors Not Supported MicroVAX I, VAXstation I, VAX-11/725, VAX-11/782, VAXstation 8000 Processors Restrictions A TK50 Tape Drive is required for standalone MicroVAX 2000 and VAXs- tation 2000 systems. Processors Supported for OpenVMS Alpha Any Alpha system that is capable of running OpenVMS Alpha version 6.2 and higher. 4 POLYCENTER Security Compliance Manager for OpenVMS, VSPDi26.N1>06 Disk Space Requirements (Block Cluster Size = 1) ___________________________________________________________________ Task__________VAX_____________Alpha________________________________ Installation: 23,500 20,000 blocks blocks (11.5MB) (9.8MB) Permanent: 12,000 10,000 blocks blocks ______________(5.9MB)_________(4.9MB)______________________________ Processor Restrictions These counts refer to the disk space required on the system disk. The sizes are approximate; actual sizes may vary depending on the user's system environment, configuration, and software options. CLUSTER ENVIRONMENT This layered product is fully supported when installed on any valid and licensed OpenVMS Cluster* configuration without restrictions. The HARDWARE REQUIREMENTS section of this products's Software Product De- scription details any special hardware required by this product. * OpenVMS Cluster configurations are fully described in the OpenVMS Cluster Software Product Description (29.78.xx) and include CI, Eth- ernet, and Mixed Interconnect configurations. SOFTWARE REQUIREMENTS OpenVMS VAX or OpenVMS Alpha Operating System Version 6.2 or higher. To communicate with POLYCENTER Security Console and with POLYCENTER Security SRF you also need one of the following: o DECnet OSI o DECnet for OpenVMS VAX and Alpha 5 POLYCENTER Security Compliance Manager for OpenVMS, VSPDi26.N1>06 o DEC TCP/IP Services for OpenVMS VAX o DEC TCP/IP Services for OpenVMS Alpha o MultiNet GROWTH CONSIDERATIONS The minimum hardware and software requirements for any future version of this product may be different from the requirements for the cur- rent version. DISTRIBUTION MEDIA TK50 Streaming Tape (VAX only), CD-ROM (Alpha) This product is also available as part of the OpenVMS Software Prod- uct Library on CD-ROM. The software documentation for this product is also available as part of the Online Documentation Library on CD-ROM. ORDERING INFORMATION Software License: Unlimited System Use: QL-GKLA9-AA (OpenVMS VAX) Unlimited System Use: QL-2UTA9-AA (OpenVMS Alpha) These are single, generic (tier-neutral)capacity-based POLYCENTER Se- curity Compliance Manager for OpenVMS licenses orderable for any VAX or Alpha processor. Media and Documentation: QA-GKLAA-H5 (OpenVMS VAX) QA-2UTAA-H8 (OpenVMS Alpha) Documentation Only: QA-GKLAA-GZ (OpenVMS VAX) QA-2UTAA-GZ (OpenVMS Alpha) 6 POLYCENTER Security Compliance Manager for OpenVMS, VSPDi26.N1>06 Software Product Services: QT-GKLA*-** (OpenVMS VAX) QT-2UTA*-** (OpenVMS Alpha) SOFTWARE LICENSING This software is furnished under the licensing provisions of Digital Equipment Corporation's Standard Terms and Conditions. For more in- formation about Digital's licensing terms and policies, contact your local Digital office. License Terms for On-line Documentation Electronic Software documentation accompanying the Software may be printed as reasonable necessary to exercise your license to use the Software. License Management Facility Support This layered product supports the OpenVMS License Management Facil- ity. License units for this product are allocated on an Unlimited System Use basis. For more information on the License Management Facility, refer to the OpenVMS Operating System Software Product Description (SPD 25.01.xx) of the OpenVMS Operating System documentation set. SOFTWARE PRODUCT SERVICES A variety of service options are available from Digital. For more in- formation, contact your local Digital Office. In addition to standard SPS remedial services, consulting services for assistance in planning, designing, and implementing a custom security analysis and reporting system with security tools are also available. For more information, contact your local Digital office. 7 POLYCENTER Security Compliance Manager for OpenVMS, VSPDi26.N1>06 SOFTWARE WARRANTY This software is provided by Compaq with a 90-day conformance warranty in accordance with the Compaq warranty terms applicable to the license purchase. The warranty period is 90 days. It begins when the software is installed or thirty days after delivery to the end user, whichever occurs first and expires 90 days later. Warranty is provided in the country of purchase. Compaq will provide a serivce location that will accept reporting (in a format prescribed by Compaq) of a nonconformance problem caused when using the licensed software under normal conditions as defined by this SPD. Compaq will remedy a nonconformance problem in the current unaltered release of the licensed software by issuingcorrection information such as: cor- rection documentation, corrected code, or a notice of availability of corrected code, or a restriction or a bypass. The customer will be re- sponsible for the preparation and submission of the problem report to the service location. WARRANTY EXCLUSION Compaq does not warrant that the software licensed to customer shall be error free, that the software shall satisfy the customer's own spe- cific requirements, or that copoes of the software other than those provided or authorized by Compaq shall conform to this SPD. Compaq makes no warranties with respect to the fitness and operabil- ity of modifications not made by Compaq. If the software fails to function for reasons stated above, the cus- tomer's warranty will be invalidated and all service calls will be bil- lable at the prevailing per call rates. The previous information is valid at the time of release. Please con- tact your local Compaq office for the most up-to-date information. 8 POLYCENTER Security Compliance Manager for OpenVMS, VSPDi26.N1>06 [R] Multinet is a registered trademark of TGV, Inc. [TM] DEC, DECnet, DECwindows, Digital, MicroVAX,OpenVMS, POLY- CENTER, and VMS are trademarks of Compaq Computer Corpora- tion. Compaq and the Compaq logo Registered in U.S.Patent and Trademark Office. © 1999 Compaq Computer Corporation. All rights reserved.) 9