Information
Starting with AIX 7.2 TL5, AIX adds LV encryption (encryption at logical volume level). This is an alternate data at rest encryption solution. Below is a blog about the feature.
In the references there is a link to one of the early blogs (written by an IBMer). The end of blog points to documentation in AIX 7.2 knowledge center.
Rationale:
Some organizations are required to show that data at rest is encrypted. A common example is the PCI (payment card industry) requirement to encrypt so-called sensitive data such as a direct link between card holder name and card number.
Using LV encryption is much like disk encryption of a PC. Once operational, the application environment does not even know the data is encrypted. The encryption is only noticeable when the (disk) storage is mounted somewhere else. Outside of the configured environment all information on the disk (read logical volume) is encrypted.
Impact:
For many uses LVE (logical volume encryption) is much easier to use - by applications - compared to an encryption solution such as EFS (encrypted file system). Once the system boots - and a valid (i.e., authorised) process or user is active on the system - they will have access to data, or not - depending on the classic access controls (e.g., inode DAC controls, ACLs, etc.).
LVE does have specific requirements on the management environment and the systems that can support it. See the blog for specifics. (EFS has no requirements other than it is enabled on AIX 6.1 or later).
No audit or remediation statements are provided. They will need to be provided by whoever implements LVE in your environment.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Default Value:
Not enabled.