The Flex System Chassis Management Module (CMM) and other management devices each have their own independent security policies that control, audit, and enforce the security settings. The security settings include the network settings and protocols, password and firmware update controls, and trusted computing properties such as secure boot. The security policy is distributed to the chassis devices during the provisioning process.
The CMM and management device security-policy settings can be different. The CMM distributes its security policy to its user registry and to the chassis devices, and a management device distributes its security policy to its user registry.
An administrator or a user with administrative privileges can use the management device or CMM user interfaces and the CMM command-line interface to change the security-policy settings. If the security-policy settings are changed after the chassis devices are up and running, the security policy status will remain in the Pending state until the management processors in the chassis devices restart.
See CMM security, Using the Lenovo Chassis Management Module 2 CLI, and the security documentation for your management device for more information.