This web site uses advanced JavaScript for several data processing functions. Internet Explorer has severe deficiencies in it's JavaScript engine. Please use a modern day browser, such as Chrome or Edge, in order to take full advantage of this web site.
BMC CONTROL-M installation data sets will be properly protected.
BMC CONTROL-M installation data sets have the ability to use privileged functions and/or have access to sensitive data. Failure to properly restrict access to these data sets could result in violating the integrity of the base product which could result in compromising the operating system or sensitive data.Information Assurance OfficerSystems Programmer
SV-31940r2_rule
ZCTMA001
CCI-001499
MEDIUM
BMC CONTROL-M STC data sets will be properly protected.
BMC CONTROL-M STC data sets have the ability to use privileged functions and/or have access to sensitive data. Failure to properly restrict access to these data sets could result in violating the integrity of the base product which could result in compromising the operating system or sensitive data.Information Assurance OfficerSystems Programmer
SV-32215r4_rule
ZCTMA003
CCI-000035
MEDIUM
BMC CONTROL-M User/Application JCL data sets must be properly protected.
BMC CONTROL-M User/Application JCL data sets have the ability to use privileged functions and/or have access to sensitive data. Failure to properly restrict access to these data sets could result in violating the integrity of the base product which could result in compromising the operating system or sensitive data.Information Assurance OfficerSystems Programmer
SV-32070r1_rule
ZCTMA030
CCI-000764
MEDIUM
BMC CONTROL-M Started Task name is not properly identified / defined to the system ACP.
BMC CONTROL-M requires a started task that will be restricted to certain resources, datasets and other system functions. By defining the started task as a userid to the system ACP, It allows the ACP to control the access and authorized users that require these capabilities. Failure to properly control these capabilities, could compromise of the operating system environment, ACP, and customer data.Information Assurance Officer
SV-32058r4_rule
ZCTMA020
CCI-000035
MEDIUM
BMC C0NTROL-M resources must be properly defined and protected.
BMC CONTROL-M can run with sensitive system privileges, and potentially can circumvent system controls. Failure to properly control access to product resources could result in the compromise of the operating system environment, and compromise the confidentiality of customer data. Many utilities assign resource controls that can be granted to system programmers only in greater than read authority. Resources are also granted to certain non-systems personnel with read only authority.Information Assurance OfficerSystems Programmer
SV-32017r1_rule
ZCTM0060
CCI-000035
MEDIUM
BMC CONTROL-M security exits are not installed or configured properly.
The BMC CONTROL-M security exits enable access authorization checking to BMC CONTROL-M commands, features, and online functionality. If these exit(s) is (are) not in place, activities by unauthorized users may result. BMC CONTROL-M security exit(s) interface with the ACP. If an unauthorized exit was introduced into the operating environment, system security could be weakened or bypassed. These exposures may result in the compromise of the operating system environment, ACP, and customer data.Information Assurance OfficerSystems Programmer
SV-31975r1_rule
ZCTMA040
CCI-000035
MEDIUM
BMC CONTROL-M configuration/parameter values are not specified properly.
BMC CONTROL-M configuration/parameters control the security and operational characteristics of products. If these parameter values are improperly specified, security and operational controls may be weakened. This exposure may threaten the availability of the product applications, and compromise the confidentiality of customer data.Systems Programmer
SV-32159r2_rule
ZCTMA002
CCI-000213
MEDIUM
BMC CONTROL-M User data sets will be properly protected.
BMC CONTROL-M User data sets, Repository, have the ability to use privileged functions and/or have access to sensitive data. Failure to properly restrict access to these data sets could result in violating the integrity of the base product which could result in compromising the operating system or sensitive data.Information Assurance OfficerSystems Programmer
Overview
RMF Control
Vuln Id
Rule Id
Version
CCI
Severity
Description
Details
Check Text ()
Fix Text ()
Feedback
Thank you so much for spending time on this site. We are always seeking feedback for suggestions or feature requests. Please let us know if there is anything you'd like to see added to the site.