z/OS TSS STIG

U_OS_TSS_V6R40_STIG_Manual-xccdf.xml

Details

Version / Release: V6R40

Published: 2019-03-26

Updated At: 2019-05-04 00:37:31

Actions

Download

Filter


Vuln Rule Version CCI Severity Title Description
SV-22r2_rule TSS1000 CCI-000213 MEDIUM Dataset masking characters are not properly defined to the security database. TSS provides masking as an additional method for reducing the number of entries that must be made to secure the installation data sets. Shared patterns can be used as the operands of data set parameters. If these characters are not defined to the database, each data set name or resource must be specifically entered into the database. This additional workload for security administrator presents the increased possibility of exposure when granting access to data sets.Information Assurance OfficerDCCS-1, DCCS-2
SV-7356r5_rule ZSMS0010 CCI-000213 MEDIUM DFSMS resources must be protected in accordance with the proper security requirements. DFSMS provides data, storage, program, and device management functions for the operating system. Some DFSMS storage administration functions allow a user to obtain a privileged status and effectively bypass all ACP data set and volume controls. Failure to properly protect DFSMS resources may result in unauthorized access. This exposure could compromise the availability and integrity of the operating system environment, system services, and customer data.
SV-34r3_rule AAMV0450 CCI-000271 MEDIUM System programs (e.g., exits, SVCs, etc.) must have approval of appropriate authority and/or documented correctly. Many vendor products and applications require or provide operating system exits, SVCs, I/O appendages, special PPT privileges, and APF authorization. Without proper review, approval and adequate documentation of these system programs, the integrity and availability of the operating system, ACP, and customer data are subject to compromise.Information Assurance OfficerDCCS-1, DCCS-2, DCPD-1
SV-6410r7_rule ACP00270 CCI-000213 HIGH Dynamic lists must be protected in accordance with proper security requirements. Dynamic lists provide a method of making z/OS system changes without interrupting the availability of the operating system. Failure to properly control access to these facilities could result in unauthorized personnel modifying sensitive z/OS lists. This exposure may threaten the integrity and availability of the operating system environment, and compromise the confidentiality of customer data. Information Assurance OfficerSystems Programmer
SV-7533r3_rule ZCIC0040 CCI-000764 MEDIUM CICS region logonid(s) must be defined and/or controlled in accordance with the security requirements. CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Improperly defined or controlled CICS userids (i.e., region, default, and terminal users) may provide an exposure and vulnerability within the CICS environment. This could result in the compromise of the confidentiality, integrity, and availability of the CICS region, applications, and customer data.Information Assurance Officer
SV-7347r5_rule ZJES0060 CCI-000213 MEDIUM Surrogate users or Cross-Authorized ACIDs must be controlled in accordance with the proper requirements. Surrogate users/Cross-Authorized ACIDs have the ability to submit jobs on behalf of another user (the execution user) without specifying the execution user's password. Jobs submitted by surrogate users/Cross-Authorized ACIDs run with the identity of the execution user. Failure to properly control surrogate users/Cross-Authorized ACIDs could result in unauthorized personnel accessing sensitive resources. This exposure may threaten the integrity and availability of the operating system environment, and compromise the confidentiality of customer data.Information Assurance Officer
SV-68r3_rule TSS0275 CCI-000336 MEDIUM The CANCEL Control Option value specified is set to CANCEL. The CANCEL Control Option allows security administrators to use the O/S CANCEL command to bring the TSS address space down. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-70r2_rule TSS0249 CCI-002234 MEDIUM The ADMINBY Control Option is not set to ADMINBY. The ADMINBY Control Option enables administrative information to be recorded for facilities added and resources permitted. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-82r2_rule AAMV0010 CCI-000326 LOW A CMP (Change Management Process) is not being utilized on this system. Without proper tracking of changes to the operating system software environment, its processing integrity and availability are subject to compromise.Systems ProgrammerDCCS-1, DCCS-2, ECSD-1, ECSD-2
SV-83r2_rule AAMV0030 CCI-000381 MEDIUM LNKAUTH=APFTAB is not specified in the IEASYSxx member(s) in the currently active parmlib data set(s). Failure to specify LINKAUTH=APFTAB allows libraries other than those designated as APF to contain authorized modules which could bypass security and violate the integrity of the operating system environment. This expanded authorization list inhibits the ability to control inclusion of these modules.Systems ProgrammerDCCS-1, DCCS-2, DCSL-1
SV-84r2_rule AAMV0040 CCI-000381 LOW Inaccessible APF libraries defined. If a library designated by an APF entry does not exist on the volume specified, a library of the same name may be placed on this volume and inherit APF authorization. This could allow the introduction of modules which bypass security and violate the integrity of the operating system environment.Systems ProgrammerDCCS-1, DCCS-2, DCSL-1
SV-85r2_rule AAMV0050 CCI-001762 LOW Duplicated sensitive utilities and/or programs exist in APF libraries. Modules designated as sensitive utilities have the ability to significantly modify the operating system environment. Duplication of these modules causes an exposure by making it extremely difficult to track modifications to them. This could allow for the execution of invalid or trojan horse versions of these utilities.Information Assurance OfficerDCCS-1, DCCS-2, DCSL-1
SV-86r4_rule AAMV0060 CCI-000643 MEDIUM The review of AC=1 modules in APF authorized libraries must be reviewed annually and documentation verifying the modules integrity must be available. The review of AC=1 modules that reside in APF authorized libraries must be reviewed annually. The IAO will maintain documentation identifying the integrity and justification of Vendor APF authorized libraries. For non-vendor APF authorized libraries, the source and documentation identifying the integrity and justification that describes the AC=1 module process will be maintained by the IAO. Sites have undocumented and/or unauthorized AC=1 modules have a possible risk to the confidentiality, integrity, and availability of the system and present a clear risk to the operating system, ACP, and customer data.trueInformation Assurance Officer
SV-90r2_rule AAMV0160 CCI-000381 MEDIUM Inapplicable PPT entries have not been invalidated. If invalid or inapplicable PPT entries exist, a venue is provided for the introduction of trojan horse modules with security bypass capabilities.Systems ProgrammerDCCS-1, DCCS-2
SV-100r2_rule AAMV0350 CCI-001762 LOW Non-existent or inaccessible LINKLIST libraries. LINKLIST libraries give a common access point for the general usage of modules. Many of the subsystems installed on a domain rely upon these modules for proper execution. If the list of libraries found in this LINKLIST is not properly maintained, the integrity of the operating environment is subject to compromise.Systems ProgrammerDCCS-1, DCCS-2, DCSL-1
SV-101r2_rule AAMV0370 CCI-000057 MEDIUM Non-standard SMF data collection options specified. SMF data collection is the basic unit of tracking of all system functions and actions. Included in this tracking data are the audit trails from each of the ACPs. If the control options for the recording of this tracking are not properly maintained, then accountability cannot be monitored, and its use in the execution of a contingency plan could be compromised.trueInformation Assurance OfficerDCCS-1, DCCS-2, ECAR-1, ECAR-2, ECAR-3
SV-102r5_rule AAMV0380 CCI-000130 MEDIUM Required SMF data record types must be collected. SMF data collection is the basic unit of tracking of all system functions and actions. Included in this tracking data are the audit records from each of the ACPs and system. If the required SMF data record types are not being collected, then accountability cannot be monitored, and its use in the execution of a contingency plan could be compromised.Information Assurance Officer
SV-103r2_rule AAMV0400 CCI-001348 MEDIUM An automated process is not in place to collect and retain SMF data. SMF data collection is the basic unit of tracking of all system functions and actions. Included in this racking data is the audit trail from the ACP. If the control options for the recording of this tracking are not properly maintained, then accountability cannot be monitored and its use in the execution of a contingency plan could be compromised. Failure to collect SMF data in a timely fashion can result in the loss of critical system data.Information Assurance OfficerCODB-2, DCCS-1, DCCS-2
SV-104r2_rule AAMV0410 CCI-000549 MEDIUM ACP database is not on a separate physical volume from its backup and recovery datasets. The ACP backup and recovery data files provide the only means of recovering the ACP database in the event of its damage. In the case where this damage is to the physical volume on which it resides, and any of these recovery data files exist on this volume as well, then complete recovery of the ACP database would be extremely difficult, if even possible.Systems ProgrammerCODB-2, DCCS-1, DCCS-2
SV-105r2_rule AAMV0420 CCI-000537 MEDIUM ACP database is not backed up on a scheduled basis. Loss of the ACP database would cause an interruption in the service of the operating system environment. If regularly scheduled backups of this database are not processed, system recovery time could be unacceptably long.Information Assurance OfficerCODB-2, DCCS-1, DCCS-2
SV-106r2_rule AAMV0430 CCI-000537 MEDIUM System DASD backups are not performed on a regularly scheduled basis. If backups of the operating environment are not properly processed, implementation of a contingency plan would not include the data necessary to fully recover from any outage.Information Assurance OfficerCODB-2, DCCS-1, DCCS-2
SV-107r2_rule AAMV0440 CCI-000366 MEDIUM PASSWORD data set and OS passwords are utilized. All protection of system resources must come from the ACP. If multiple protection mechanisms are in place, the accessibility of data, specifically under contingency plan execution, is subject to compromise.Systems ProgrammerDCCS-1, DCCS-2, ECCD-1, ECCD-2
SV-108r2_rule ACP00010 CCI-000213 HIGH SYS1.PARMLIB is not limited to only system programmers. SYS1.PARMLIB contains the parameters which control system IPL, configuration characteristics, security facilities, and performance. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data.Information Assurance OfficerDCCS-1, DCCS-2, DCSL-1, ECAR-1, ECAR-2, ECAR-3
SV-109r2_rule ACP00020 CCI-000213 MEDIUM Access to SYS1.LINKLIB is not properly protected. This data set is automatically APF-authorized, contains system SVCs and the base PPT. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data.Information Assurance OfficerDCCS-1, DCCS-2, DCSL-1, ECAR-1, ECAR-2, ECAR-3
SV-110r3_rule ACP00030 CCI-000213 HIGH Write or greater access to SYS1.SVCLIB must be limited to system programmers only. This data set is automatically APF-authorized, contains system SVCs, and may also contain I/O appendages. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data.Information Assurance OfficerDCCS-1, DCCS-2, DCSL-1, ECAR-1, ECAR-2, ECAR-3
SV-111r4_rule ACP00040 CCI-000213 HIGH Write or greater access to SYS1.IMAGELIB must be limited to system programmers only. SYS1.IMAGELIB is a partitioned data set containing universal character set (UCS), forms control buffer (FCB), and printer control information. Most IBM standard UCS images are included in SYS1.IMAGELIB during system installation. This data set should be protected as a z/OS system data set.Information Assurance Officer
SV-112r3_rule ACP00050 CCI-000213 HIGH Write or greater access to SYS1.LPALIB must be limited to system programmers only. SYS1.LPALIB is automatically APF-authorized during IPL processing and can contain SVCs. LPA modules, once loaded into the Link Pack Area, are capable of performing APF-authorized functions. This authorization allows a program to bypass various levels of security checking. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data.Information Assurance OfficerDCCS-1, DCCS-2, DCSL-1, ECAR-1, ECAR-2, ECAR-3
SV-113r2_rule ACP00060 CCI-000213 HIGH Update and allocate access to all APF -authorized libraries are not limited to system programmers only. The Authorized Program List designates those libraries that can contain program modules which possess a significant level of security bypass capability. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data.Information Assurance OfficerDCCS-1, DCCS-2, DCSL-1, ECAR-1, ECAR-2, ECAR-3
SV-114r3_rule ACP00070 CCI-000213 HIGH Write or greater access to all LPA libraries must be limited to system programmers only. LPA modules, once loaded into the Link Pack Area, are capable of performing APF-authorized functions. This authorization allows a program to bypass various levels of security checking. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data.Information Assurance OfficerDCCS-1, DCCS-2, DCSL-1, ECAR-1, ECAR-2, ECAR-3
SV-115r3_rule ACP00080 CCI-000213 HIGH Write or greater access to SYS1.NUCLEUS must be limited to system programmers only. This data set contains a large portion of the system initialization (IPL) programs and pointers to the master and alternate master catalog. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data.Information Assurance OfficerDCCS-1, DCCS-2, DCSL-1, ECAR-1, ECAR-2, ECAR-3
SV-116r3_rule ACP00100 CCI-000213 HIGH Write or greater access to libraries that contain PPT modules must be limited to system programmers only. Specific PPT designated program modules possess significant security bypass capabilities. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data.Information Assurance OfficerDCCS-1, DCCS-2, DCSL-1, ECAR-1, ECAR-2, ECAR-3
SV-117r2_rule ACP00110 CCI-000213 MEDIUM Update and allocate access to LINKLIST libraries are not limited to system programmers only. The primary function of the LINKLIST is to serve as a single repository for commonly used system modules. Failure to ensure that the proper set of libraries are designated for LINKLIST can impact system integrity, performance, and functionality. For this reason, controls must be employed to ensure that the correct set of LINKLIST libraries are used. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data.Information Assurance OfficerDCCS-1, DCCS-2, DCSL-1, ECAR-1, ECAR-2, ECAR-3
SV-118r6_rule ACP00120 CCI-000213 HIGH The ACP security data sets and/or databases must be properly protected. The Access Control Program (ACP) database files contain all access control information for the operating system environment and system resources. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data.Information Assurance Officer
SV-119r4_rule ACP00130 CCI-000213 HIGH Access greater than Read to the System Master Catalog must be limited to system programmers only. System catalogs are the basis for locating all files on the system. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data. Information Assurance Officer
SV-120r2_rule ACP00140 CCI-000213 MEDIUM Update and allocate access to all system-level product installation libraries are not limited to system programmers only. System-level product installation libraries constitute the majority of the systems software libraries. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data.Information Assurance OfficerDCCS-1, DCCS-2, DCSL-1
SV-121r2_rule ACP00150 CCI-000213 MEDIUM Update and allocate access to the JES2 System data sets (e.g., Spool, Checkpoint, and Initialization parameters) are not limited to system programmers only. The JES2 System data sets are a common repository for all jobs submitted to the system and the associated printout and configuration of the JES2 environment. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data.Information Assurance OfficerDCCS-1, DCCS-2, DCSL-1
SV-122r3_rule ACP00170 CCI-000213 HIGH Write or greater access to SYS1.UADS must be limited to system programmers only and read and update access must be limited to system programmer personnel and/or security personnel. SYS1.UADS is the data set where emergency USERIDs are maintained. This ensures that logon processing can occur even if the ACP is not functional. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data.Information Assurance OfficerDCCS-1, DCCS-2, ECAR-1, ECAR-2, ECAR-3, ECCD-1, ECCD-2
SV-123r2_rule ACP00180 CCI-000162 MEDIUM Update and allocate access to SMF collection files (i.e., SYS1.MANx) are not limited to system programmers and/or batch jobs that perform SMF dump processing. SMF data collection is the system activity journaling facility of the z/OS system. With the proper parameter designations it serves as the basis to ensure individual user accountability. SMF data is the primary source for cost charge back in DISA. Unauthorized access could result in the compromise of logging and recording of the operating system environment, ACP, and customer data.Information Assurance OfficerDCCS-1, DCCS-2, ECAR-1, ECAR-2, ECAR-3, ECCD-1, ECCD-2
SV-124r2_rule ACP00190 CCI-000162 MEDIUM Update and allocate access to data sets used to backup and/or dump SMF collection files are not limited to system programmers and/or batch jobs that perform SMF dump processing. SMF backup data sets are those data sets to which SMF data has been offloaded in order to ensure a historical tracking of individual user accountability. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data.Information Assurance OfficerDCCS-1, DCCS-2, ECAR-1, ECAR-2, ECAR-3, ECCD-1, ECCD-2
SV-125r2_rule ACP00200 CCI-000213 MEDIUM Access to SYSTEM DUMP data sets are not limited to system programmers only. System DUMP data sets are used to record system data areas and virtual storage associated with system task failures. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data.Information Assurance OfficerDCCS-1, DCCS-2, ECCD-1, ECCD-2
SV-126r2_rule ACP00210 CCI-000213 MEDIUM Update and allocate access to System backup files are not limited to system programmers and/or batch jobs that perform DASD backups. System backup data sets are necessary for recovery of DASD resident data sets. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data.Information Assurance OfficerCODB-1, DCCS-1, DCCS-2, ECCD-1
SV-127r2_rule ACP00220 CCI-000213 MEDIUM Access to SYS(x).TRACE is not limited to system programmers only. SYS1.TRACE is used to trace and debug system problems. Unauthorized access could result in a compromise of the integrity and availability of all system data and processes.Information Assurance OfficerDCCS-1, DCCS-2, ECCD-1, ECCD-2
SV-128r2_rule ACP00230 CCI-000213 MEDIUM Access to System page data sets (i.e., PLPA, COMMON, and LOCALx) are not limited to system programmers. Page data sets hold individual pages of virtual storage when they are paged out of real storage. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data.Information Assurance OfficerDCCS-1, DCCS-2, ECCD-1, ECCD-2
SV-129r3_rule ACP00240 CCI-000213 HIGH Write or greater access to Libraries containing EXIT modules must be limited to system programmers only. System exits have a wide range of uses and capabilities within any system. Exits may introduce security exposures within the system, modify audit trails, and alter individual user capabilities. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data.Information Assurance OfficerDCCS-1, DCCS-2, DCSL-1
SV-31712r5_rule ACP00260 CCI-000213 MEDIUM Memory and privileged program dumps must be protected in accordance with proper security requirements. Access to memory and privileged program dumps running Trusted Control Block (TCB) key 0-7 may hold passwords, encryption keys, or other sensitive data that must not be made available. Failure to properly control access to these facilities could result in unauthorized personnel modifying sensitive z/OS lists. This exposure may threaten the integrity and availability of the operating system environment, and compromise the confidentiality of customer data.Information Assurance Officer
SV-184r3_rule ZTSO0020 CCI-000764 HIGH LOGONIDs must not be defined to SYS1.UADS for non-emergency use. SYS1.UADS is a dataset where LOGONIDs will be maintained with applicable password information when the ACP is not functional. If an unauthorized user has access to SYS1.UADS, they could enter their LOGONID and password into the SYS1.UADS dataset and could give themselves all special attributes on the system. This could enable the user to bypass all security and alter data. They could modify the audit trail information so no trace of their activity could be found.Information Assurance OfficerDCCS-1, DCCS-2, ECCD-1, ECCD-2
SV-188r2_rule TSS0250 CCI-000366 MEDIUM The ADSP (Automatic DataSet Protection) Control Option is not set to (NO). The ADSP Control Option allows the TSS administrator to determine whether newly created data sets will be automatically protected. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-189r2_rule TSS0260 CCI-000213 MEDIUM The AUTH Control Option values specified are not set to (OVERRIDE,ALLOVER) or (MERGE,ALLOVER). The AUTH Control Option indicates whether TSS will merge the user, profile, and all record for its access search, or whether TSS will search each one separately. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-190r4_rule TSS0270 CCI-001028 MEDIUM The AUTOERASE Control Option must be set to (ALL) for all systems. AUTOERASE will force TSS to erase all residual information on DASD. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance Officer
SV-191r2_rule TSS0280 CCI-001762 MEDIUM The CPFRCVUND Control Option value specified is not set to (NO). The CPFRCVUND Control Option indicates whether or not the local node can receive commands propagated from nodes which have not been defined to the CPFNODES list. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-193r2_rule TSS0320 CCI-002883 MEDIUM The DEBUG Control Option value is not set to (OFF). The DEBUG Control Option controls the production of debugging dumps used to determine the cause of abnormal error conditions. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-194r3_rule TSS0330 CCI-000366 MEDIUM TSS MODIFY output must specify ACTIVE DIAGTRAP ENTRIES: ON = 00. The DIAGTRAP Control Option is used to produce a diagnostic dump. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance Officer
SV-195r2_rule TSS0350 CCI-000366 MEDIUM The DL1B Control Option is not set to (NO). The DL1B Control Option is used to implement PSB and DBD security for IMS batch regions, and to provide access to the TSS application interface program. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-196r2_rule TSS0360 CCI-001190 MEDIUM The DOWN Control Option values specified are not set to (BW,SB,OW) and TW if users are still defined in SYS1.UADS, TN if only systems personnel are defined in SYS1.UADS. The DOWN Control Option determines how jobs are initiated and passwords changed when the TSS address space is inactive. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-197r2_rule TSS0380 CCI-000764 MEDIUM The EXIT Control Option is not set to (ON) for DISA sites. The EXIT Control Option activates and deactivates the installation exit. For non DISA sites this value is site defined. DISA sites use NCPASS. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system-environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-198r2_rule TSS0390 CCI-000366 MEDIUM The HPBPW Control Option is not set to (3) days maximum. The HPBPW Control Option selects the maximum number of days that TSS will honor an expired or previous password for batch jobs. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-199r3_rule TSS0400 CCI-000017 MEDIUM The INACTIVE Control Option must be properly set. The INACTIVE Control Option selects the number of days before TSS will deny an unused ACID access to the system after that ACIDs password has expired. There must be no access allowed after password expiration. Suspension for inactivity should be handled using ACP00310. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance Officer
SV-200r2_rule TSS0410 CCI-000366 MEDIUM The INSTDATA Control Option is not set to (0). The INSTDATA Control Option controls the value of the 4-byte global data installation data area. This value is passed to the security exit developed at a particular site. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-201r3_rule TSS0420 CCI-000366 MEDIUM The IOTRACE Control option must be set to (OFF). The IOTRACE Control Option controls a diagnostic trace for use by technical support. The trace is produced on the TRACE/LOG data set. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance Officer
SV-203r2_rule TSS0440 CCI-000130 MEDIUM The LOG Control Option is not set to (SMF,INIT, SEC9, MSG). . The LOG Control Option identifies the types of events that TSS will log, and specifies whether the events will be logged onto the audit tracking file and into the SMF files. This option also specifies if the violation message will be displayed. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-204r2_rule TSS0450 CCI-000366 MEDIUM The LUUPDONCE Control Option value specified is not set to (NO). The LUUPDONCE Control Option indicates whether or not users last-used statistics are updated once a day following their first successful logon. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-205r3_rule TSS0460 CCI-000366 HIGH The MODE Control Option must be set to (FAIL). The MODE Control Option selects the security mode in which TSS will operate for all facilities. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance Officer
SV-206r2_rule TSS0470 CCI-002361 MEDIUM The MSUSPEND Control Option is not set to (YES). The MSUSPEND Control Option allows the MSCA ACID to be suspended automatically if the password violation threshold is set via the PTHRESH option and that limit is exceeded. This will prevent a user from making an unlimited number of guess attempts to determine the MSCAs password. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-207r3_rule TSS0480 CCI-000192 MEDIUM NEWPW Control Options must be properly set. Password complexity, or strength, is a measure of the effectiveness of a password in resisting guessing and brute-force attacks. Password complexity is one factor of several that determine how long it takes to crack a password. The more complex the password , the greater the number of possible combinations that need to be tested before the password is compromised. Use of a complex password helps to increase the time and resources required to compromise the password. The NEWPW Control Option specifies the rules that TSS will apply when a user selects a new password. Improper setting of any of these fields, individually or in combination with another, can result in weakened passwords and compromise the security of the processing environment.Information Assurance OfficerDCCS-1, DCCS-2
SV-208r2_rule TSS0490 CCI-002207 MEDIUM The NJEUSER Control Option is not set to (NJESTORE). The NJEUSER Control Option is used to define a default ACID to be used for NJE store and forward nodes where no other ACID can be identified. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-209r2_rule TSS0500 CCI-000044 MEDIUM The NPWRTHRESH Control Option is not set to (02). The NPWRTHRESH Control Option sets the threshold value for the number of attempts allowed for new password reverification before complete logon sequence needs restarting. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-210r2_rule TSS0530 CCI-000366 MEDIUM The PRODUCTS Control Option is not set to (TSO/E) . The PRODUCTS Control Option allows the site to list special products that are installed on the system. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-211r2_rule TSS0540 CCI-000044 MEDIUM The PTHRESH Control Option is not set to (2). The PTHRESH Control Option selects a maximum password violation threshold. If the user exceeds the specified threshold by entering the wrong password too many times, TSS suspends the ACID. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-212r2_rule TSS0550 CCI-000199 MEDIUM The PWEXP Control Option is not set to (60). The PWEXP Control Option allows the site to specify a password expiration interval. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-213r2_rule TSS0560 CCI-000200 MEDIUM The PWHIST Control Option is not set to (10) or greater. The purpose of the password history is to prevent users from reusing old passwords when their current one expires. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-215r2_rule TSS0580 CCI-000366 MEDIUM The RECOVER Control Option is not set to (ON). The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-216r2_rule TSS0590 CCI-000366 MEDIUM The SECTRACE Control Option is not set to (OFF). The SECTRACE Control Option activates a diagnostic security trace on the activities of all defined users. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-217r2_rule TSS0600 CCI-002233 MEDIUM The SUBACID Control Option is not set to (U,8). The SUBACID Control Option indicates how TSS will derive an ACID for batch jobs that are submitted through an online terminal, from another batch job, or from a started task. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-219r2_rule TSS0620 CCI-000366 LOW The SYSOUT Control Option is not set to (x,LOCAL). **Note: 'x' represents a site defined JES SYSOUT class The SYSOUT Control Option spins off a TSS diagnostic log, and specifies the SYSOUT class and destination for the log. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-220r2_rule TSS0630 CCI-000366 MEDIUM The TAPE Control Option is not set to (OFF). The TAPE Control Option specifies the type of tape protection in effect at the installation. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-221r2_rule TSS0640 CCI-000366 MEDIUM The TEMPDS Control Option is not set to (YES). The TEMPDS Control Option allows an installation to determine whether or not temporary data sets will be protected. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-222r2_rule TSS0650 CCI-000174 MEDIUM The TIMER Control Option is not set to (30). The TIMER Control Option controls the interval at which data is written from TSS buffers to the audit tracking file. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-223r2_rule TSS0730 CCI-002361 MEDIUM The VTHRESH Control Option values specified are not set to (10,NOT,CAN). The VTHRESH Control Option selects an access violation threshold for users, batch jobs and started tasks, and selects the action that TSS will take when the threshold is reached. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-224r2_rule TSS0740 CCI-000764 LOW User ACIDs and Control ACIDs do not have the NAME field completed. Every User ACID should be assigned to an individual using the name field. Within the ACID record, the users NAME field should be completed. If this field is not completed for each user, user accountability will become lost. A completed NAME field must be either traced back to a current DD2875 or a Vendor Requirement (example: A Started Task). A user may be required to have more than one logonid but users must not share userids. Information Assurance OfficerDCCS-1, DCCS-2
SV-225r4_rule TSS0750 CCI-000764 HIGH PASSWORD(NOPW) option must not be specified for any ACID type. The PASSWORD(NOPW) option if specified, would allow access to ACIDs capability without specifying a password. This includes all ACID types (including USER, DCA, VCA, ZCA, LSCA, SCA, and MSCA) except for structure ACIDS such as: DEPARTMENT, DIVISION, ZONE, GROUP, and PROFILE. This would cause user accountability to be lost for those ACIDs and they could conceivably possess more authority than is necessary for them to do their job.Information Assurance Officer
SV-226r2_rule TSS0760 CCI-002233 MEDIUM Propagation control is not in use, thus allowing ACID inheritance. Batch jobs should have associated ACIDs identified to the system to designate the resources available to the job. Propagation control is used to secure special ACIDs that are not subject to automatic propagation of batch jobs. If propagation control is not used, the ACIDs authority of the subsystem is inherited. Failure to control batch job propagation could compromise the operating system environment, ACP, and customer data.Information Assurance OfficerDCCS-1, DCCS-2
SV-227r3_rule TSS0770 CCI-002233 MEDIUM Scheduled production batch ACIDs must specify the BATCH Facility and the Batch Job Scheduler must be authorized to the Scheduled production batch ACID. Batch jobs should have associated ACIDs defined to the system to designate the resources available to the job. Access levels for batch jobs should be limited to those levels required to perform its established function. Failure to control batch job access authorizations could compromise the operating system environment and customer data.Information Assurance OfficerDCCS-1, DCCS-2
SV-228r3_rule TSS0790 CCI-002235 MEDIUM Default ACID must be properly defined. The default ACID will be applied to any job that does not have a valid ACID associated with it. The FAIL mode ensures that access requests not conforming to the existing rule will fail. If the default ACID is allowed to successfully execute any batch job, there is a loss of accountability. Additionally, a job could modify or delete critical data and could potentially damage the system.Information Assurance Officer
SV-229r4_rule TSS0810 CCI-000035 HIGH The BYPASS attribute must be limited to just trusted STCs. The BYPASS attribute permits STCs to bypass security checking. With this authority, a job or ACID could bypass all security checking, and could potentially alter or destroy critical system data.Information Assurance Officer
SV-230r3_rule TSS0820 CCI-000764 MEDIUM Started tasks must be properly defined to Top Secret. Started procedures have system generated job statements that do not contain the user, or password statements. To enable the started procedure to access the same protected resources that users and groups access, started procedures must have an associated USERID/ACID. If a USERID/ACID is not associated with the started procedure, the started procedure will not have access to the resources. Information Assurance OfficerDCCS-1, DCCS-2, ECCD-1, ECCD-2
SV-231r2_rule TSS0830 CCI-000764 MEDIUM Batch ACID(s) submitted through RJE and NJE is (are) not sourced. Jobs submitted through the RJE or NJE process will be sourced for submission to restrict the ACID so it can only be used from a specific remote number. This ensures that integrity is maintained. Without source restrictions, there is the potential job streams could be submitted from unauthorized locations.Information Assurance OfficerDCCS-1, DCCS-2
SV-232r2_rule TSS0840 CCI-000764 MEDIUM DASD management ACIDs are not properly defined. DASD management ACIDs require access to backup and restore all files and volumes, and thus present a high degree of risk to the environment.Information Assurance OfficerDCCS-1, DCCS-2
SV-233r3_rule TSS0850 CCI-000213 HIGH Emergency ACIDs must be properly limited and auditing resource access. All emergency ACIDs should contain information identifying the ACID to an individual. Without this, accountability could be impaired. Since these are powerful ACIDs, it is imperative that all trace I information be maintained for the user.Information Assurance OfficerDCCS-1, DCCS-2
SV-234r3_rule ACP00250 CCI-000213 HIGH All system PROCLIB data sets must be limited to system programmers only Unauthorized access to PROCLIB data sets referenced in the JES2 procedure can allow unauthorized modifications to STCs and other system level procedures. This could result in the compromise of the operating system environment, ACP, and customer data.Information Assurance OfficerDCCS-1, DCCS-2, ECCD-1, ECCD-2
SV-235r2_rule TSS0870 CCI-000035 MEDIUM MSCA ACID will perform security administration only. Since the MSCA is a special security administrator ACID, it has unlimited administrative authority. The MSCA can create SCAs and LSCAs, scope zones, extend the security database, so it should only be utilized for this purpose. The system MSCA will be a limited-use ACID, which is not available to any individual for day-to-day processing. Limit it's use only to performing security administration functions. An SCA will assume the use of, and the responsibility for, the MSCA. The MSCA account is identified in an ACID listing as the only ACID with: TYPE = MASTERInformation Assurance OfficerDCCS-1, DCCS-2
SV-236r2_rule TSS0880 CCI-001403 MEDIUM Password changes to the MSCA ACID will be documented in the change log. The system MSCA will be a limited use ACID, which is not available to any individual for day to day processing. Limit its use only to performing required security administration functions. The Primary SCA will assume the use of, and the responsibility for, the MSCA by changing the MSCA password. The password change command will include a comment indicating the reason.Information Assurance OfficerDCCS-1, DCCS-2
SV-237r3_rule TSS0890 CCI-000035 HIGH ACIDs granted the CONSOLE attribute must be justified. CONSOLE attribute grants the ability to modify SECURITY PRODUCT CONTROL options online, including capability to change many critical Control Options. Restricting this facility prevents operators or other personnel from executing sensitive started tasks or changing security control options without proper authorization.Information Assurance OfficerDCCS-1, DCCS-2
SV-238r2_rule TSS0900 CCI-000035 MEDIUM ACIDs defined as security administrators do not have the attribute of NOATS. NOATS prevents the TSS administrator ACID from signing on through automatic terminal signon. If an ACID has ATS enabled, a terminal could be automatically assigned that ACID without a user being present. This applies to CICS, IMS, and IDMS.Information Assurance OfficerDCCS-1, DCCS-2
SV-239r2_rule TSS0910 CCI-001559 MEDIUM Number of control ACIDs is not justified and properly assigned. Since the control ACIDs are the security administrators and can execute security modification commands, it is important that this level of access be restricted to a limited number of ACIDs. The fewer control ACIDs that there are, the more accountability and control there is over the security database.Information Assurance OfficerDCCS-1, DCCS-2
SV-240r3_rule TSS0920 CCI-000035 HIGH Security control ACIDs must be limited to the administrative authorities authorized and that require these privileges to perform their job duties. Since control ACIDs possess a significant amount of power, it is important to limit the number of control ACIDs. These ACIDs can perform and control security administration. An ACID who possesses control over security administration could alter or modify any data set, and delete any audit trail that might have existed for the file.Information Assurance OfficerDCCS-1, DCCS-2
SV-241r2_rule TSS0930 CCI-000035 MEDIUM The number of ACIDs possessing the tape Bypass Label Processing (BLP) privilege is not limited. BLP is extremely sensitive, as it allows the circumvention of security access checking for the data. If an unauthorized user possesses BLP authority, they could potentially read any restricted tape and modify any information once it has been copied.Information Assurance OfficerDCCS-1, DCCS-2
SV-243r3_rule TSS0950 CCI-000035 HIGH The number of ACIDs with MISC9 authority must be justified. ACIDs with MISC9 must be limited to the administrative authorities authorized and that require these privileges to perform their job duties. The MISC9 authority deals with higher level administrative authorities. One of the authorities is The MISC9 authority deals with higher level administrative authorities. One of the authorities is BYPASS, which can bypass security on the system. This violates the principle of individual user accountability. If this authority is not monitored, the potential for system degradation or destruction could happen. Only the appointed SCA's who are responsible for the security at the domain shall have MISC9 admin rights except MISC9(Generic) may be granted to any DCA,VCA,ZCA,LSCA,SCA. Information Assurance OfficerDCCS-1, DCCS-2
SV-244r2_rule TSS0970 CCI-002883 MEDIUM TRACE attribute has been found assigned to ACIDs. The TRACE attribute allows ACIDs to diagnose the security trace information. This information goes to the SYSLOG dataset. This could give an ACID the ability to access system control information.Information Assurance OfficerDCCS-1, DCCS-2
SV-245r2_rule TSS0980 CCI-002230 MEDIUM Documentation confirming the necessity of NO***CHK attributes is not available. Because the NO***CHK attributes can bypass system security, it is imperative that all ACIDS possessing these attributes be monitored and documentation maintained justifying the need for the access authorization. If these attributes are given to ACIDs that do not require the authority, the ACIDs could modify system data and potentially degrade or destroy system information.Information Assurance OfficerDCCS-1, DCCS-2
SV-246r2_rule TSS0990 CCI-000213 MEDIUM ACIDs were found having access FAC(*ALL*). All users with the exception of the master security control ACID must be authorized to a facility in order to sign on to it. When a user is granted FACILITY(*ALL*) , it gives the user access to all facilities. Users should be limited to access only those facilities that are required to perform their jobs successfully.Information Assurance OfficerDCCS-1, DCCS-2
SV-247r3_rule TSS1030 CCI-000213 HIGH Volume access greater than CREATE found in CA-Top Secret (TSS) database must be limited to authorized information technology personnel requiring access to perform their job duties. Access authorization to data sets is verified by examining both volume access and data set access authorization. If a user has been authorized for any volume access greater than CREATE, then TSS allows access to the volume without checking the data set authorizations. A user could potentially alter a data set that resides on a volume even though access has not been granted to that data set.Information Assurance OfficerDCCS-1, DCCS-2
SV-248r3_rule TSS1040 CCI-000213 MEDIUM Sensitive Utility Controls will be properly defined and protected. Sensitive Utility Controls can run sensitive system privileges or controls, and potentially can circumvent system and security controls. Failure to properly control access to these resources could result in the compromise of the confidentiality, integrity, and availability of the operating system environment, system services, ACP, and customer data.Information Assurance OfficerSystems ProgrammerDCCS-1, DCCS-2
SV-7529r2_rule ZCIC0020 CCI-000213 MEDIUM Sensitive CICS transactions are not protected in accordance with security requirements. Sensitive CICS transactions offer the ability to circumvent transaction level controls for accessing resources under CICS. These transactions must be protected so that only authorized users can access them. Unauthorized use can result in the compromise of the confidentiality, integrity, and availability of the operating system or customer data.Information Assurance Officer
SV-297r4_rule ZTSO0030 CCI-000213 MEDIUM TSOAUTH resources must be restricted to authorized users. The TSOAUTH resource class controls sensitive privileges, such as OPER, ACCOUNT, MOUNT, TESTAUTH, CONSOLE, and PARMLIB. Several of these privileges offer the ability, or provide a facility, to modify sensitive operating system resources. Failure to properly control and restrict access to these privileges may result in the compromise of the operating system environment, ACP, and customer data.fix typo error Information Assurance OfficerSystems Programmer
SV-7531r3_rule ZCIC0030 CCI-000366 MEDIUM CICS System Initialization Table (SIT) parameter values must be specified in accordance with proper security requirements. The CICS SIT is used to define system operation and configuration parameters of a CICS system. Several of these parameters control the security within a CICS region. Failure to code the appropriate values could result in unexpected operations and degraded security. This exposure may result in unauthorized access impacting the confidentiality, integrity, and availability of the CICS region, applications, and customer data.Information Assurance Officer
SV-3215r2_rule ITCP0010 CCI-000366 MEDIUM Configuration files for the TCP/IP stack are not properly specified. The TCP/IP stack reads two configuration files to determine values for critical operational parameters. These file names are specified in multiple locations and, depending on the process, are referenced differently. Because system security is impacted by some of the parameter settings, specifying the file names explicitly in each location reduces ambiguity and ensures proper operations. Inappropriate values could result in undesirable operations and degraded security. This exposure may result in unauthorized access impacting data integrity or the availability of some system services.Systems ProgrammerDCCS-1, DCCS-2
SV-3216r4_rule ITCP0020 CCI-000366 MEDIUM TCPIP.DATA configuration statements for the TCP/IP stack must be properly specified. During the initialization of TCP/IP servers and clients, the TCPIP.DATA configuration file provides information that is essential for proper operations of TCP/IP applications. Inappropriate values could result in undesirable operations and degraded security. This exposure may result in unauthorized access impacting data integrity or the availability of some system services.Systems Programmer
SV-3217r2_rule ITCP0030 CCI-000366 MEDIUM PROFILE.TCPIP configuration statements for the TCP/IP stack are not coded properly. The PROFILE.TCPIP configuration file provides system operation and configuration parameters for the TCP/IP stack. Inappropriate values could result in undesirable operations and degraded security. This exposure may result in unauthorized access impacting data integrity or the availability of some system services.Systems ProgrammerDCCS-1, DCCS-2
SV-3218r4_rule ITCP0040 CCI-000213 MEDIUM The permission bits and user audit bits for HFS objects that are part of the Base TCP/IP component must be configured properly. HFS directories and files of the Base TCP/IP component provide the configuration, operational, and executable properties of IBMs TCP/IP system product. Failure to properly secure these objects may lead to unauthorized access resulting in the compromise of the integrity and availability of the operating system environment, ACP, and customer data.Systems ProgrammerInformation Assurance OfficerDCCS-1, DCCS-2, ECCD-1, ECCD-2
SV-7084r5_rule ITCP0050 CCI-000213 MEDIUM TCP/IP resources must be properly protected. The Communication Server access authorization is used to protect TCP/IP resources such as stack, network, port, and other SERVAUTH resources. These resources provide additional security checks for TCP/IP users. Failure to properly secure these TCP/IP resources could lead to unauthorized user access resulting in the compromise of some system services and possible compromise of data.Information Assurance Officer
SV-7088r3_rule ITCP0060 CCI-000764 MEDIUM Started tasks for the Base TCP/IP component must be defined in accordance with security requirements. The TCP/IP started tasks require special privileges and access to sensitive resources to provide its system services. Failure to properly define and control these TCP/IP started tasks could lead to unauthorized access. This exposure may result in the compromise of the integrity and availability of the operating system environment, ACP, and customer data.Information Assurance Officer
SV-3221r2_rule ITCP0070 CCI-000213 MEDIUM MVS data sets for the Base TCP/IP component are not properly protected, MVS data sets of the Base TCP/IP component provide the configuration, operational, and executable properties of IBMs TCP/IP system product. Failure to properly secure these data sets may lead to unauthorized access resulting in the compromise of the integrity and availability of the operating system environment, ACP, and customer data.Information Assurance OfficerSystems ProgrammerDCCS-1, DCCS-2, ECCD-1
SV-3222r3_rule ITNT0010 CCI-000764 MEDIUM PROFILE.TCPIP configuration statements for the TN3270 Telnet Server must be properly specified. The PROFILE.TCPIP configuration file provides system operation and configuration parameters for the TN3270 Telnet Server. Several of these parameters have potential impact to system security. Failure to code the appropriate values could result in unexpected operations and degraded security. This exposure may result in unauthorized access impacting data integrity or the availability of some system services.Systems Programmer
SV-3223r4_rule ITNT0020 CCI-000366 MEDIUM VTAM session setup controls for the TN3270 Telnet Server must be properly specified. After a connection from a Telnet client to the TN3270 Telnet Server has been established, the process of session setup with a VTAM application occurs. A number of BEGINVTAM statements must be coded in a specific configuration to ensure adequate control to VTAM applications is maintained. Failure to code the appropriate statements could result in unauthorized access to the host and application resources. This exposure may impact data integrity or the availability of some system services.trueSystems Programmer
SV-3224r2_rule ITNT0030 CCI-000048 MEDIUM The warning banner for the TN3270 Telnet Server is not specified or properly specified. A logon banner can be used to inform users about the environment during the initial logon. In the DISA environment, logon banners are used to warn users against unauthorized entry and the possibility of legal action for unauthorized users, and advise all users that system use constitutes consent to monitoring. Failure to display a logon warning banner without this type of information could adversely impact the ability to prosecute unauthorized users and users who abuse the system.Systems ProgrammerDCCS-1, DCCS-2, ECWM-1
SV-3226r3_rule ITNT0050 CCI-000068 MEDIUM SSL encryption options for the TN3270 Telnet Server will be specified properly for each statement that defines a SECUREPORT or within the TELNETGLOBALS. During the SSL connection process a mutually acceptable encryption algorithm is selected by the server and client. This algorithm is used to encrypt the data that subsequently flows between the two. However, the level or strength of encryption can vary greatly. Certain configuration options can allow no encryption to be used and others can allow a relatively weak 40-bit algorithm to be used. Failure to properly enforce adequate encryption strength could result in the loss of data privacy.Systems ProgrammerDCCS-1, DCCS-2, ECMT-2, ECTM-1
SV-3227r3_rule ITNT0060 CCI-000130 MEDIUM SMF recording options for the TN3270 Telnet Server must be properly specified. The TN3270 Telnet Server can provide audit data in the form of SMF records. The SMF data produced provides information about individual sessions. This data includes the VTAM application, the remote and local IP addresses, and the remote and local IP port numbers. Failure to collect and retain audit data may contribute to the loss of accountability and hamper security audit activities.Systems ProgrammerDCCS-1, DCCS-2, ECAR-1, ECAR-2, ECAR-3
SV-3229r2_rule IUTN0010 CCI-000213 MEDIUM The startup user account for the z/OS UNIX Telnet Server is not defined properly. The z/OS UNIX Telnet Server (i.e., otelnetd) requires a UID(0) to provide its system services. After the user enters their userid and password, otelnetd switches to the security context of the users account. Because the otelnetd account is only used until authentication is completed, there is no need to require a unique account for this function. This limits the number of privileged accounts defined to the ACP and reduces the exposure potential. Failure to properly define and control otelnetd could lead to unauthorized access resulting in the compromise of the integrity and availability of the operating system environment, ACP, and customer data.Systems ProgrammerDCCS-1, DCCS-2
SV-3230r2_rule IUTN0020 CCI-001133 MEDIUM Startup parameters for the z/OS UNIX Telnet Server are not specified properly. The z/OS UNIX Telnet Server (i.e., otelnetd) provides interactive access to the z/OS UNIX shell. During the initialization process, startup parameters are read to define the characteristics of each otelnetd instance. Some of these parameters have an impact on system security. Failure to specify the appropriate command options could result in degraded security. This exposure may result in unauthorized access impacting data integrity or the availability of some system services.Systems ProgrammerDCCS-1, DCCS-2
SV-3231r3_rule IUTN0030 CCI-000048 MEDIUM The warning banner for the z/OS UNIX Telnet Server must be properly specified A logon banner can be used to inform users about the environment during the initial logon. Logon banners are used to warn users against unauthorized entry and the possibility of legal action for unauthorized users, and advise all users that system use constitutes consent to monitoring. Failure to display a logon warning banner without this type of information could adversely impact the ability to prosecute unauthorized users and users who abuse the system.trueSystems Programmer
SV-3232r3_rule IUTN0040 CCI-000213 MEDIUM HFS objects for the z/OS UNIX Telnet Server will be properly protected. HFS directories and files of the z/OS UNIX Telnet Server provide the configuration and executable properties of this product. Failure to properly secure these objects may lead to unauthorized access resulting in the compromise of the integrity and availability of the operating system environment, ACP, and customer data.Systems ProgrammerInformation Assurance OfficerDCCS-1, DCCS-2, ECCD-1, ECCD-2
SV-13260r2_rule IFTP0010 CCI-000764 MEDIUM The FTP Server daemon is defined improperly. The FTP Server daemon requires special privileges and access to sensitive resources to provide its system services. Failure to properly define and control the FTP Server daemon could lead to unauthorized access. This exposure may result in the compromise of the integrity and availability of the operating system environment, ACP, and customer data.Systems Programmer
SV-3234r2_rule IFTP0020 CCI-000366 MEDIUM The startup parameters for the FTP include the ANONYMOUS, ANONYMOUS=, or INACTIVE keywords. The FTP daemon’s started task JCL does not specify the SYSTCPD and SYSFTPD DD statements for configuration files. During initialization, the FTP daemon reads JCL keywords and configuration files to determine values for critical operational parameters. Because system security is impacted by some of these parameter settings, controlling these options through the configuration file only and explicitly specifying the file locations reduces ambiguity, enhances security auditing, and ensures proper operations. Inappropriate values could result in undesirable operations and degraded security. This exposure may result in unauthorized access impacting data integrity or the availability of some system services.Systems ProgrammerDCCS-1, DCCS-2, IAIA-1, IAIA-2
SV-3235r2_rule IFTP0030 CCI-000048 MEDIUM FTP.DATA configuration statements for the FTP Server are not specified in accordance with requirements. The statements in the FTP.DATA configuration file specify the parameters and values that control the operation of the FTP Server components including the use of anonymous FTP. Several of the parameters must have specific settings to provide a secure configuration. Inappropriate values could result in undesirable operations and degraded security. This exposure may result in unauthorized access impacting data integrity or the availability of some system services.Systems ProgrammerDCCS-1, DCCS-2
SV-3236r3_rule IFTP0040 CCI-000382 MEDIUM User exits for the FTP Server must not be used without proper approval and documentation. Several user exit points in the FTP Server component are available to permit customization of its operating behavior. These exits can be used to modify functions such as FTP command usage, client connection controls, post processing tasks, and SMF record modifications. Without proper review and adequate documentation of these exit programs, undesirable operations and degraded security may result. This exposure could lead to unauthorized access impacting data integrity or the availability of some system services, or contribute to the loss of accountability and hamper security audit activities.Information Assurance ManagerSystems Programmer
SV-3237r3_rule IFTP0050 CCI-000048 MEDIUM The warning banner for the FTP Server must be specified properly. A logon banner can be used to inform users about the environment during the initial logon. In the DISA environment, logon banners are used to warn users against unauthorized entry and the possibility of legal action for unauthorized users, and advise all users that system use constitutes consent to monitoring. Failure to display a logon warning banner without this type of information could adversely impact the ability to prosecute unauthorized users and users who abuse the system.trueSystems Programmer
SV-3238r4_rule IFTP0060 CCI-000130 MEDIUM SMF recording options for the FTP Server must be configured to write SMF records for all eligible events. The FTP Server can provide audit data in the form of SMF records. The SMF data produced by the FTP Server provides transaction information for both successful and unsuccessful FTP commands. Failure to collect and retain audit data may contribute to the loss of accountability and hamper security audit activities.Systems ProgrammerDCCS-1, DCCS-2, ECAT-1, ECAT-2
SV-3239r3_rule IFTP0070 CCI-000213 MEDIUM The permission bits and user audit bits for HFS objects that are part of the FTP Server component will be properly configured. HFS directories and files of the FTP Server provide the configuration and executable properties of this product. Failure to properly secure these objects may lead to unauthorized access resulting in the compromise of the integrity and availability of the operating system environment, ACP, and customer data.Systems ProgrammerInformation Assurance OfficerDCCS-1, DCCS-2, DCSL-1
SV-3240r2_rule IFTP0080 CCI-000213 MEDIUM MVS data sets for the FTP Server are not properly protected. MVS data sets of the FTP Server provide the configuration and operational characteristics of this product. Failure to properly secure these data sets may lead to unauthorized access resulting in the compromise of the integrity and availability of customer data and some system services.Information Assurance OfficerSystems ProgrammerDCCS-1, DCCS-2, DCSL-1
SV-6925r2_rule IFTP0090 CCI-001764 MEDIUM The TFTP Server program is controlled improperly. The Trivial File Transfer Protocol (TFTP) Server, known as tftpd, supports file transfer according to the industry standard Trivial File Transfer Protocol. The TFTP Server does not perform any user identification or authentication, allowing any client to connect to the TFTP Server. Due to this lack of security, the TFTP Server will not be used. Failure to restrict the use of the TFTP Server may result in unauthorized access to the host. This exposure may impact the integrity, availability, and privacy of application data.Information Assurance Officer
SV-3242r2_rule ISLG0010 CCI-000764 MEDIUM The Syslog daemon is not started at z/OS initialization. The Syslog daemon, known as SYSLOGD, is a z/OS UNIX daemon that provides a central processing point for log messages issued by other z/OS UNIX processes. The messages may be of varying importance levels including general process information, diagnostic information, critical error notification, and audit-class information. It is important that SYSLOGD be started during the initialization phase of the z/OS system to ensure that significant messages are not lost. Failure to collect and retain audit data may contribute to the loss of accountability and hamper security audit activities.Systems ProgrammerDCCS-1, DCCS-2
SV-7080r3_rule ISLG0020 CCI-000764 MEDIUM The Syslog daemon must be defined properly. The Syslog daemon, known as syslogd, is a zOS UNIX daemon that provides a central processing point for log messages issued by other zOS UNIX processes. It is also possible to receive log messages from other network-connected hosts. Some of the IBM Communications Server components that may send messages to syslog are the FTP, TFTP, zOS UNIX Telnet, DNS, and DHCP servers. The messages may be of varying importance levels including general process information, diagnostic information, critical error notification, and audit-class information. Primarily because of the potential to use this information in an audit process, there is a security interest in protecting the syslogd process and its associated data. The Syslog daemon requires special privileges and access to sensitive resources to provide its system services. Failure to properly define and control the Syslog daemon could lead to unauthorized access. This exposure may result in the compromise of the integrity and availability of the operating system environment, ACP, and customer data.Systems ProgrammerInformation Assurance Officer
SV-3244r3_rule ISLG0030 CCI-000213 MEDIUM The permission bits and user audit bits for HFS objects that are part of the Syslog daemon component will be configured properly. HFS directories and files of the Syslog daemon provide the configuration and executable properties of this product. Failure to properly secure these objects could lead to unauthorized access. This exposure may result in the compromise of the integrity and availability of the operating system environment, ACP, and customer data.Systems ProgrammerInformation Assurance OfficerDCCS-1, DCCS-2, ECTM-1, ECTM-2
SV-3331r3_rule ACP00320 CCI-000148 MEDIUM The ACP audit logs must be reviewed on a regular basis . Each ACP has the ability to produce audit records, based on specific security-related events. Audit Trail, Monitoring, Analysis and Reporting provides automated, continuous on-line monitoring and audit trail creation capability, to alert personnel of any unusual or inappropriate activity with potential IA implications. Failure to perform audit log analysis would allow for unusual or inappropriate activity to continue without review and appropriate actions taken.Information Assurance Officer
SV-3716r2_rule ACP00330 CCI-000764 MEDIUM User accounts defined to the ACP do not uniquely identify system users. System users must be uniquely identified to the operating system. To accomplish this, each user must have an individual account defined to the ACP. If user accounts are not associated with specific individuals and are shared among multiple users, individual accountability is lost. This could hamper security audit activities and lead to unauthorized user access of system resources and customer data. . Scope of, ownership of and responsibility over users shall be based upon the specifics of appointment, role, responsibilities and level of authority. Such as a domain/system level IAO is responsible for the Domain/system level users, whereas normally a application user would be the responsibility of the DoD AIS application security team unless SLA indicates otherwise.Information Assurance OfficerDCCS-1, DCCS-2, IAIA-1, IAIA-2
SV-7358r3_rule ZSMS0020 CCI-000213 MEDIUM DFSMS control data sets must be protected in accordance with security requirements. DFSMS control data sets provide the configuration and operational characteristics of the system-managed storage environment. Failure to properly protect these data sets may result in unauthorized access. This exposure could compromise the availability and integrity of some system services and customer data.Information Assurance Officer
SV-3896r2_rule ZSMS0030 CCI-000366 LOW SYS(x).Parmlib(IEFSSNxx) SMS configuration parameter settings are not properly specified. Configuration properties of DFSMS are specified in various members of the system parmlib concatenation (e.g., SYS1.PARMLIB). Statements within these PDS members provide the execution, operational, and configuration characteristics of the system-managed storage environment. Missing or inappropriate configuration values may result in undesirable operations and degraded security. This exposure could potentially compromise the availability and integrity of some system services and customer data.Systems ProgrammerDCCS-1, DCCS-2
SV-3897r2_rule ZWAS0010 CCI-000213 MEDIUM MVS data sets for the WebSphere Application Server are not protected in accordance with the proper security requirements. MVS data sets provide the configuration, operational, and executable properties of the WebSphere Application Server (WAS) environment. Failure to properly protect these data sets may lead to unauthorized access. This exposure could compromise the integrity and availability of system services, applications, and customer data.Information Assurance OfficerDCCS-1, DCCS-2, ECCD-1, ECCD-2
SV-3898r2_rule ZWAS0020 CCI-000213 MEDIUM HFS objects for the WebSphere Application Server are not protected in accordance with the proper security requirements. HFS directories and files provide the configuration, operational, and executable properties of the WebSphere Application Server (WAS) environment. Many of these objects are responsible for the security implementation of WAS. Failure to properly protect these directories and files may lead to unauthorized access. This exposure could potentially compromise the integrity and availability of system services, applications, and customer data.Information Assurance OfficerDCCS-1, DCCS-2, ECCD-1, ECCD-2
SV-7266r2_rule ZWAS0030 CCI-000213 MEDIUM The CBIND Resource(s) for the WebSphere Application Server is(are) not protected in accordance with security requirements. SAF resources provide the ability to control access to functions and services of the WebSphere Application Server (WAS) environment. Many of these resources provide operational and administrative support for WAS. Failure to properly protect these resources may lead to unauthorized access. This exposure could compromise the integrity and availability of application services and customer data.Information Assurance Officer
SV-3900r3_rule ZWAS0040 CCI-001762 HIGH Vendor-supplied user accounts for the WebSphere Application Server must be defined to the ACP. Vendor-supplied user accounts are defined to the ACP with factory-set passwords during the installation of the WebSphere Application Server (WAS). These user accounts are common to all WAS environments and have access to restricted resources and functions. Failure to delete vendor-supplied user accounts from the ACP may lead to unauthorized access. This exposure could compromise the integrity and availability of system services, applications, and customer data.IAO will ensure that CBADMIN user password is changed from default.Information Assurance Officer
SV-3901r2_rule ZWAS0050 CCI-000068 MEDIUM The WebSphere Application Server plug-in is not specified in accordance with the proper security requirements. Requests processed by the WebSphere Application Server (WAS) are dependent on directives configured in the HTTP server httpd.conf file. These directives specify critical files containing the WAS plug-in and WAS configuration. These files provide the operational and security characteristics of WAS. Failure to properly configure WAS-related directives could lead to undesirable operations and degraded security. This exposure may compromise the availability and integrity of applications and customer data.Information Assurance OfficerDCCS-1, DCCS-2
SV-3903r2_rule ZWMQ0020 CCI-001133 MEDIUM User timeout parameter values for WebSphere MQ queue managers are not specified in accordance with security requirements. Users signed on to a WebSphere MQ queue manager could leave their terminals unattended for long periods of time. This may allow unauthorized individuals to gain access to WebSphere MQ resources and application data. This exposure could compromise the availability, integrity, and confidentiality of some system services and application data.Systems ProgrammerDCCS-1, DCCS-2, ECTM-1, ECTM-2
SV-7527r1_rule ZWMQ0030 CCI-000764 MEDIUM WebSphere MQ started tasks are not defined in accordance with the proper security requirements. Started tasks are used to execute WebSphere MQ queue manager services. Improperly defined WebSphere MQ started tasks may result in inappropriate access to application resources and the loss of accountability. This exposure could compromise the availability of some system services and application data.Information Assurance Officer
SV-3905r2_rule ZWMQ0040 CCI-000213 MEDIUM WebSphere MQ all update and alter access to MQSeries/WebSphere MQ product and system data sets are not properly restricted MVS data sets provide the configuration, operational, and executable properties of WebSphere MQ. Some data sets are responsible for the security implementation of WebSphere MQ. Failure to properly protect these data sets may lead to unauthorized access. This exposure could compromise the availability, integrity, and confidentiality of system services, applications, and customer data.Information Assurance OfficerDCCS-1, DCCS-2, ECAR-1, ECAR-2, ECCD-1, ECCD-2
SV-4836r2_rule TSS0505 CCI-000366 MEDIUM The OPTIONS Control Option does not include option (4) at a minimum. The OPTIONS Control Option replaces optional APARs that have been applied prior to Release 5.1. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation. NOTE: "TSS MODIFY" command will list OPTIONS as OPTIONALS. i.e. OPTIONALS(004,005)Information Assurance OfficerDCCS-1, DCCS-2
SV-4850r3_rule ACP00135 CCI-000213 MEDIUM Allocate access to system user catalogs must be limited to system programmers only. System catalogs are the basis for locating all files on the system. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data.Information Assurance Officer
SV-5605r2_rule AAMV0325 CCI-001762 LOW Non-existent or inaccessible Link Pack Area (LPA) libraries. LPA libraries give a common access point for the general usage of modules. Many of the subsystems installed on a domain rely upon these modules for proper execution. If the list of libraries found in this LPA member is not properly maintained, the integrity of the operating environment is subject to compromise. Systems ProgrammerDCCS-1, DCCS-2, DCSL-1
SV-5627r4_rule ITCP0025 CCI-000366 MEDIUM The hosts identified by the NSINTERADDR statement must be properly protected. If the hosts identified by NSINTERADDR statement are not properly protected they can be stolen, damaged, or disturbed. Without adequate physical security, unauthorized users can access the host and the hosts' components. Therefore, they can interfere with the normal operations of the host. Improper control of hosts and the hosts' components could compromise network operations.trueInformation Assurance OfficerSystems Programmer
SV-7195r2_rule ZFEP0011 CCI-000933 MEDIUM All hardware components of the FEPs are not placed in secure locations where they cannot be stolen, damaged, or disturbed If components of the FEPs are not properly protected they can be stolen, damaged, or disturbed. Without adequate physical security, unauthorized users can access the control panel, the operator console, and the diskette drive of the service subsystem. Therefore, they can interfere with the normal operations of the FEPs. Improper control of FEP components could compromise network operations.Information Assurance OfficerDCCS-1, DCCS-2
SV-7196r2_rule ZFEP0012 CCI-000004 MEDIUM Procedures are not in place to restrict access to FEP functions of the service subsystem from operator consoles (local and/or remote), and to restrict access to the diskette drive of the service subsystem. If components of the FEPs are not properly protected they can be stolen, damaged, or disturbed. Without adequate physical security, unauthorized users can access the control panel, the operator console, and the diskette drive of the service subsystem. Therefore, they can interfere with the normal operations of the FEPs. Improper control of FEP components could compromise network operations.Information Assurance OfficerDCCS-1, DCCS-2
SV-7197r2_rule ZFEP0013 CCI-000504 MEDIUM A documented procedure is not available instructing how to load and dump the FEP NCP (Network Control Program). If components of the FEPs are not properly protected they can be stolen, damaged, or disturbed. Without adequate physical security, unauthorized users can access the control panel, the operator console, and the diskette drive of the service subsystem. Therefore, they can interfere with the normal operations of the FEPs. Improper control of FEP components could compromise network operations.DCCS-1, DCCS-2
SV-7198r2_rule ZFEP0014 CCI-000318 MEDIUM An active log is not available to keep track of all hardware upgrades and software changes made to the FEP (Front End Processor). If components of the FEPs are not properly protected they can be stolen, damaged, or disturbed. Without adequate physical security, unauthorized users can access the control panel, the operator console, and the diskette drive of the service subsystem. Therefore, they can interfere with the normal operations of the FEPs. Improper control of FEP components could compromise network operations.Information Assurance OfficerDCCS-1, DCCS-2
SV-7199r2_rule ZFEP0015 CCI-001499 MEDIUM NCP (Net Work Control Program) Data set access authorization does not restricts UPDATE and/or ALLOCATE access to appropriate personnel. If components of the FEPs are not properly protected they can be stolen, damaged, or disturbed. Without adequate physical security, unauthorized users can access the control panel, the operator console, and the diskette drive of the service subsystem. Therefore, they can interfere with the normal operations of the FEPs. Improper control of FEP components could compromise network operations.Information Assurance OfficerDCCS-1, DCCS-2
SV-7200r2_rule ZFEP0016 CCI-000213 MEDIUM A password control is not in place to restrict access to the service subsystem via the operator consoles (local and/or remote) and a key-lock switch is not used to protect the modem supporting the remote console of the service subsystem. If components of the FEPs are not properly protected they can be stolen, damaged, or disturbed. Without adequate physical security, unauthorized users can access the control panel, the operator console, and the diskette drive of the service subsystem. Therefore, they can interfere with the normal operations of the FEPs. Improper control of FEP components could compromise network operations.Information Assurance OfficerSystems ProgrammerDCCS-1, DCCS-2, IAAC-1
SV-7320r2_rule ZJES0014 CCI-000213 MEDIUM RJE workstations and NJE nodes are not controlled in accordance with STIG requirements. JES2 RJE workstations and NJE nodes provide a method of sending and receiving data (e.g., jobs, job output, and commands) from remote locations. Failure to properly identify and control these remote facilities could result in unauthorized sources transmitting data to and from the operating system. This exposure may threaten the integrity and availability of the operating system environment, and compromise the confidentiality of customer data.Information Assurance Officer
SV-7324r2_rule ZJES0021 CCI-000213 MEDIUM JES2 input sources are improperly protected. JES2 input sources provide a variety of channels for job submission. Failure to properly control the use of these input sources could result in unauthorized submission of work into the operating system. This exposure may threaten the integrity and availability of the operating system environment, and compromise the confidentiality of customer data.Information Assurance Officer
SV-74867r1_rule ZJES0022 CCI-000213 MEDIUM JES2 input sources must be properly controlled. JES2 input sources provide a variety of channels for job submission. Failure to properly control the use of these input sources could result in unauthorized submission of work into the operating system. This exposure may threaten the integrity and availability of the operating system environment, and compromise the confidentiality of customer data.
SV-7328r2_rule ZJES0031 CCI-000213 MEDIUM JES2 output devices are improperly protected. JES2 output devices provide a variety of channels to which output can be processed. Failure to properly control these output devices could result in unauthorized personnel accessing output. This exposure may compromise the confidentiality of customer data.Information Assurance Officer
SV-74873r1_rule ZJES0032 CCI-000213 MEDIUM JES2 output devices must be properly controlled for Classified Systems. JES2 output devices provide a variety of channels to which output can be processed. Failure to properly control these output devices could result in unauthorized personnel accessing output. This exposure may compromise the confidentiality of customer data on a classified System..
SV-7333r2_rule ZJES0041 CCI-000213 MEDIUM JESSPOOL resources are improperly protected. JES2 spool resources include all SYSOUT, SYSLOG, JESTRACE, and JESNEWS data sets. Failure to properly control JES2 spool resources could result in unauthorized personnel accessing job output, system activity logs, and trace data containing userid and password information. This exposure may threaten the integrity and availability of the operating system environment, and compromise the confidentiality of customer data.Information Assurance Officer
SV-7330r2_rule ZJES0042 CCI-000213 MEDIUM JESNEWS resources are improperly protected. JES2 spool resources include all SYSOUT, SYSLOG, JESTRACE, and JESNEWS data sets. Failure to properly control JES2 spool resources could result in unauthorized personnel accessing job output, system activity logs, and trace data containing userid and password information. This exposure may threaten the integrity and availability of the operating system environment, and compromise the confidentiality of customer data.Information Assurance Officer
SV-7335r2_rule ZJES0044 CCI-000213 MEDIUM JESTRACE and/or SYSLOG resources are improperly protected. JES2 spool resources include all SYSOUT, SYSLOG, JESTRACE, and JESNEWS data sets. Failure to properly control JES2 spool resources could result in unauthorized personnel accessing job output, system activity logs, and trace data containing userid and password information. This exposure may threaten the integrity and availability of the operating system environment, and compromise the confidentiality of customer data.Information Assurance Officer
SV-7337r3_rule ZJES0046 CCI-000213 MEDIUM JES2 spool resources will be controlled in accordance with security requirements. JES2 spool resources include all SYSOUT, SYSLOG, JESTRACE, and JESNEWS data sets. Failure to properly control JES2 spool resources could result in unauthorized personnel accessing job output, system activity logs, and trace data containing userid and password information. This exposure may threaten the integrity and availability of the operating system environment, and compromise the confidentiality of customer data.Information Assurance Officer
SV-7339r2_rule ZJES0051 CCI-000213 MEDIUM JES2.** resource is improperly protected. JES2 system commands are used to control JES2 resources and the operating system environment. Failure to properly control access to JES2 system commands could result in unauthorized personnel issuing sensitive JES2 commands. This exposure may threaten the integrity and availability of the operating system environment, and compromise the confidentiality of customer data.Information Assurance Officer
SV-17409r2_rule ZJES0052 CCI-000213 MEDIUM JES2 system commands are not protected in accordance with security requirements. JES2 system commands are used to control JES2 resources and the operating system environment. Failure to properly control access to JES2 system commands could result in unauthorized personnel issuing sensitive JES2 commands. This exposure may threaten the integrity and availability of the operating system environment, and compromise the confidentiality of customer data.Information Assurance Officer
SV-7351r4_rule ZSMS0012 CCI-000213 MEDIUM SMS Program Resources must be properly defined and protected. DFSMS provides data, storage, program, and device management functions for the operating system. Some DFSMS storage administration functions allow a user to obtain a privileged status and effectively bypass all ACP data set and volume controls. Failure to properly protect DFSMS resources may result in unauthorized access. This exposure could compromise the availability and integrity of the operating system environment, system services, and customer data.Information Assurance OfficerSystems Programmer
SV-7237r2_rule ZSMS0022 CCI-000549 MEDIUM DFSMS control data sets are not properly protected. DFSMS control data sets provide the configuration and operational characteristics of the system-managed storage environment. Failure to properly protect these data sets may result in unauthorized access. This exposure could compromise the availability and integrity of some system services and customer data.Information Assurance OfficerSystems ProgrammerCOTR-1, DCCS-1, DCCS-2, ECCD-1, ECCD-2
SV-7238r2_rule ZSMS0032 CCI-000366 MEDIUM SYS(x).PARMLIB(IGDSMSxx), SMS parameter settings are not properly specified. Configuration properties of DFSMS are specified in various members of the system parmlib concatenation (e.g., SYS1.PARMLIB). Statements within these PDS members provide the execution, operational, and configuration characteristics of the system-managed storage environment. Missing or inappropriate configuration values may result in undesirable operations and degraded security. This exposure could potentially compromise the availability and integrity of some system services and customer data.Systems ProgrammerDCCS-1, DCCS-2
SV-7245r2_rule ZUSS0011 CCI-000366 MEDIUM z/OS UNIX OMVS parameters in PARMLIB are not properly specified. Parameter settings in PARMLIB and /etc specify values for z/OS UNIX security controls. The parameters impact HFS data access and operating system services. Undesirable values can allow users to gain inappropriate privileges that could impact data integrity or the availability of some system services.Systems ProgrammerDCCS-1, DCCS-2
SV-7246r3_rule ZUSS0012 CCI-000366 MEDIUM z/OS UNIX BPXPRMxx security parameters in PARMLIB must be properly specified. Parameter settings in PARMLIB and /etc specify values for z/OS UNIX security controls. The parameters impact HFS data access and operating system services. Undesirable values can allow users to gain inappropriate privileges that could impact data integrity or the availability of some system services.trueSystems Programmer
SV-7247r2_rule ZUSS0013 CCI-001762 MEDIUM z/OS UNIX HFS MapName files security parameters are not properly specified. Parameter settings in PARMLIB and /etc specify values for z/OS UNIX security controls. The parameters impact HFS data access and operating system services. Undesirable values can allow users to gain inappropriate privileges that could impact data integrity or the availability of some system services.Systems ProgrammerDCCS-1, DCCS-2
SV-7248r2_rule ZUSS0014 CCI-000382 MEDIUM z/OS UNIX security parameters for restricted network service(s) in /etc/inetd.conf are not properly specified. Parameter settings in PARMLIB and /etc specify values for z/OS UNIX security controls. The parameters impact HFS data access and operating system services. Undesirable values can allow users to gain inappropriate privileges that could impact data integrity or the availability of some system services.Information Assurance OfficerSystems ProgrammerDCCS-1, DCCS-2
SV-7249r3_rule ZUSST052 CCI-000366 MEDIUM TSS UNIX control option CHOWNURS must be properly set. Parameter settings in TSS impact the security level of z/OS UNIX.Information Assurance OfficerDCCS-1, DCCS-2
SV-7250r2_rule ZVTM0011 CCI-001499 MEDIUM The VTAM USSTAB definitions are being used for unsecured terminals VTAM options and definitions are used to define VTAM operational capabilities. They must be strictly controlled. Unauthorized users could override or change start options or network definitions. Failure to properly control VTAM resources could potentially compromise the network operations.Information Assurance OfficerSystems ProgrammerDCCS-1, DCCS-2, IAAC-1
SV-7360r2_rule ZVTM0018 CCI-000213 MEDIUM The System datasets used to support the VTAM network are improperly secured. VTAM options and definitions are used to define VTAM operational capabilities. They must be strictly controlled. Unauthorized users could override or change start options or network definitions. Failure to properly control VTAM resources could potentially compromise the network operations.Information Assurance OfficerSystems Programmer
SV-7259r5_rule ZWMQ0011 CCI-000068 HIGH WebSphere MQ channel security must be implemented in accordance with security requirements. WebSphere MQ Channel security can be configured to provide authentication, message privacy, and message integrity between queue managers. Secure Sockets Layer (SSL) uses encryption techniques, digital signatures and digital certificates to provide message privacy, message integrity and mutual authentication between clients and servers. Failure to properly secure a WebSphere MQ channel may lead to unauthorized access. This exposure could compromise the availability, integrity, and confidentiality of some system services, applications, and customer data.trueInformation Assurance OfficerSystems Programmer
SV-7535r2_rule ZWMQ0049 CCI-000213 MEDIUM WebSphere MQ security class(es) is(are) defined improperly. WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security checking. Failure to properly protect WebSphere MQ resources may result in unauthorized access. This exposure could compromise the availability, integrity, and confidentiality of system services, applications, and customer data.Information Assurance Officer
SV-7539r3_rule ZWMQ0051 CCI-000213 HIGH Websphere MQ switch profiles must be properly defined to the MQADMIN class. WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security checking. Failure to properly protect WebSphere MQ resources may result in unauthorized access. This exposure could compromise the availability, integrity, and confidentiality of system services, applications, and customer data.Information Assurance Officer
SV-7262r2_rule ZUSS0015 CCI-000366 MEDIUM z/OS UNIX security parameters in etc/profile are not properly specified. Parameter settings in PARMLIB and /etc specify values for z/OS UNIX security controls. The parameters impact HFS data access and operating system services. Undesirable values can allow users to gain inappropriate privileges that could impact data integrity or the availability of some system services.Systems ProgrammerDCCS-1, DCCS-2
SV-7542r2_rule ZWMQ0052 CCI-000213 MEDIUM WebSphere MQ MQCONN Class resources are protected improperly. WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security checking. Failure to properly protect WebSphere MQ resources may result in unauthorized access. This exposure could compromise the availability, integrity, and confidentiality of system services, applications, and customer data.Information Assurance Officer
SV-7264r2_rule ZUSS0016 CCI-000366 MEDIUM z/OS UNIX security parameters in /etc/rc not properly specified. Parameter settings in PARMLIB and /etc specify values for z/OS UNIX security controls. The parameters impact HFS data access and operating system services. Undesirable values can allow users to gain inappropriate privileges that could impact data integrity or the availability of some system services.Systems ProgrammerDCCS-1, DCCS-2
SV-7267r2_rule ZWMQ0053 CCI-001762 MEDIUM WebSphere MQ dead letter and alias dead letter queues are not properly defined. WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security checking. Failure to properly protect WebSphere MQ resources may result in unauthorized access. This exposure could compromise the availability, integrity, and confidentiality of system services, applications, and customer data.Systems ProgrammerDCCS-1, DCCS-2, ECCD-1, ECCD-2
SV-7545r2_rule ZWMQ0054 CCI-000213 MEDIUM WebSphere MQ queue resource defined to the MQQUEUE resource class are not protected in accordance with security requirements. WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security checking. Failure to properly protect WebSphere MQ resources may result in unauthorized access. This exposure could compromise the availability, integrity, and confidentiality of system services, applications, and customer data.Information Assurance Officer
SV-7547r2_rule ZWMQ0055 CCI-000213 MEDIUM WebSphere MQ Process resources are not protected in accordance with security requirements. WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security checking. Failure to properly protect WebSphere MQ resources may result in unauthorized access. This exposure could compromise the availability, integrity, and confidentiality of system services, applications, and customer data.Information Assurance Officer
SV-7549r2_rule ZWMQ0056 CCI-000213 MEDIUM WebSphere MQ Namelist resources are not protected in accordance with security requirements. WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security checking. Failure to properly protect WebSphere MQ resources may result in unauthorized access. This exposure could compromise the availability, integrity, and confidentiality of system services, applications, and customer data.Information Assurance Officer
SV-7405r2_rule ZUSS0021 CCI-000213 MEDIUM BPX resource(s) is(are) not protected in accordance with security requirements. z/OS UNIX ACP-defined resources consist of sensitive capabilities including SUPERUSER, daemon, and numerous file manipulation privileges. Missing or inaccurate protection of these resources could allow a user to access sensitive data, modify or delete data and operating system controls, or issue commands that could negatively impact system availability.Information Assurance OfficerSystems Programmer
SV-7551r2_rule ZWMQ0057 CCI-000213 MEDIUM WebSphere MQ alternate user resources defined to MQADMIN resource class are not protected in accordance with security requirements. WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security checking. Failure to properly protect WebSphere MQ resources may result in unauthorized access. This exposure could compromise the availability, integrity, and confidentiality of system services, applications, and customer data.Information Assurance Officer
SV-19747r4_rule ZUSS0022 CCI-000213 HIGH z/OS UNIX resources must be protected in accordance with security requirements. z/OS UNIX ACP-defined resources consist of sensitive capabilities including SUPERUSER, daemon, and numerous file manipulation privileges. Missing or inaccurate protection of these resources could allow a user to access sensitive data, modify or delete data and operating system controls, or issue commands that could negatively impact system availability.Information Assurance OfficerSystems Programmer
SV-7553r2_rule ZWMQ0058 CCI-000213 MEDIUM WebSphere MQ context resources defined to the MQADMIN resource class are not protected in accordance with security requirements. WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security checking. Failure to properly protect WebSphere MQ resources may result in unauthorized access. This exposure could compromise the availability, integrity, and confidentiality of system services, applications, and customer data.Information Assurance Officer
SV-19749r3_rule ZUSS0023 CCI-000213 HIGH z/OS UNIX SUPERUSER resource must be protected in accordance with guidelines. z/OS UNIX ACP-defined resources consist of sensitive capabilities including SUPERUSER, daemon, and numerous file manipulation privileges. Missing or inaccurate protection of these resources could allow a user to access sensitive data, modify or delete data and operating system controls, or issue commands that could negatively impact system availability. Information Assurance OfficerSystems Programmer
SV-7555r2_rule ZWMQ0059 CCI-000213 MEDIUM WebSphere MQ command resources defined to MQCMDS resource class are not protected in accordance with security requirements. WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security checking. Failure to properly protect WebSphere MQ resources may result in unauthorized access. This exposure could compromise the availability, integrity, and confidentiality of system services, applications, and customer data.Information Assurance Officer
SV-7277r2_rule ZUSS0031 CCI-000213 MEDIUM z/OS UNIX MVS data sets or HFS objects are not properly protected. For the z/OS UNIX environment, there are MVS data sets that contain operating system components, MVS data sets that contain HFS file systems with operating system components, and MVS data sets that contain HFS file systems with application system and user data. All of these MVS data sets require definitions in the ACP to enforce desired access controls. In addition, the UNIX permission bits must be properly set on the HFS directories and files to enforce desired access controls.Information Assurance OfficerSystems ProgrammerDCCS-1, DCCS-2, ECCD-1, ECCD-2
SV-7557r2_rule ZWMQ0060 CCI-000213 MEDIUM WebSphere MQ RESLEVEL resources in the MQADMIN resource class are not protected in accordance with security requirements. WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security checking. Failure to properly protect WebSphere MQ resources may result in unauthorized access. This exposure could compromise the availability, integrity, and confidentiality of system services, applications, and customer data.Information Assurance Officer
SV-7279r2_rule ZUSS0032 CCI-000213 MEDIUM z/OS UNIX MVS data sets WITH z/OS UNIX COMPONENTS are not properly protected For the z/OS UNIX environment, there are MVS data sets that contain operating system components, MVS data sets that contain HFS file systems with operating system components, and MVS data sets that contain HFS file systems with application system and user data. All of these MVS data sets require definitions in the ACP to enforce desired access controls. In addition, the UNIX permission bits must be properly set on the HFS directories and files to enforce desired access controls.Information Assurance OfficerSystems ProgrammerDCCS-1, DCCS-2, ECCD-1, ECCD-2
SV-7280r2_rule ZUSS0033 CCI-000213 MEDIUM z/OS UNIX MVS data sets used as step libraries in /etc/steplib are not properly protected For the z/OS UNIX environment, there are MVS data sets that contain operating system components, MVS data sets that contain HFS file systems with operating system components, and MVS data sets that contain HFS file systems with application system and user data. All of these MVS data sets require definitions in the ACP to enforce desired access controls. In addition, the UNIX permission bits must be properly set on the HFS directories and files to enforce desired access controls.Information Assurance OfficerSystems ProgrammerDCCS-1, DCCS-2, ECCD-1, ECCD-2
SV-7281r3_rule ZUSS0034 CCI-000213 MEDIUM z/OS UNIX HFS permission bits and audit bits for each directory will be properly protected or specified. For the z/OS UNIX environment, there are MVS data sets that contain operating system components, MVS data sets that contain HFS file systems with operating system components, and MVS data sets that contain HFS file systems with application system and user data. All of these MVS data sets require definitions in the ACP to enforce desired access controls. In addition, the UNIX permission bits must be properly set on the HFS directories and files to enforce desired access controls.Systems ProgrammerInformation Assurance OfficerDCCS-1, DCCS-2, ECCD-1, ECCD-2
SV-7282r3_rule ZUSS0035 CCI-000213 MEDIUM z/OS UNIX SYSTEM FILE SECURITY SETTINGS will be properly protected or specified. For the z/OS UNIX environment, there are MVS data sets that contain operating system components, MVS data sets that contain HFS file systems with operating system components, and MVS data sets that contain HFS file systems with application system and user data. All of these MVS data sets require definitions in the ACP to enforce desired access controls. In addition, the UNIX permission bits must be properly set on the HFS directories and files to enforce desired access controls.Systems ProgrammerInformation Assurance OfficerDCCS-1, DCCS-2, DCSL-1, ECCD-1, ECCD-2
SV-7283r2_rule ZWMQ0012 CCI-002470 MEDIUM WebSphere MQ channel security is not implemented in accordance with security requirements. WebSphere MQ channel security can be configured to provide authentication, message privacy, and message integrity between queue managers. WebSphere MQ channels use SSL encryption techniques, digital signatures and digital certificates to provide message privacy, message integrity and mutual authentication between clients and servers. Failure to properly secure a WebSphere MQ channel may lead to unauthorized access. This exposure could compromise the availability, integrity, and confidentiality of some system services, applications, and customer data.Information Assurance OfficerDCCS-1, DCCS-2
SV-7284r2_rule ZUSS0036 CCI-000213 MEDIUM z/OS UNIX MVS HFS directory(s) with "other" write permission bit set are not properly defined. For the z/OS UNIX environment, there are MVS data sets that contain operating system components, MVS data sets that contain HFS file systems with operating system components, and MVS data sets that contain HFS file systems with application system and user data. All of these MVS data sets require definitions in the ACP to enforce desired access controls. In addition, the UNIX permission bits must be properly set on the HFS directories and files to enforce desired access controls.Systems ProgrammerDCCS-1, DCCS-2, DCSL-1, ECCD-1, ECCD-2
SV-7288r2_rule ZUSS0041 CCI-000764 MEDIUM Attributes of z/OS UNIX user accounts are not defined properly User identifiers (ACF2 logonids, RACF userids, and Top Secret ACIDs), groups, and started tasks that use z/OS UNIX facilities are defined to an ACP with attributes including UID and GID. If these attributes are not correctly defined, data access or command privilege controls could be compromised.Systems ProgrammerDCCS-1, DCCS-2
SV-7289r2_rule ZUSS0042 CCI-000764 MEDIUM z/OS UNIX each group is not defined with a unique GID. User identifiers (ACF2 logonids, RACF userids, and Top Secret ACIDs), groups, and started tasks that use z/OS UNIX facilities are defined to an ACP with attributes including UID and GID. If these attributes are not correctly defined, data access or command privilege controls could be compromised.Information Assurance OfficerDCCS-1, DCCS-2
SV-7290r2_rule ZUSS0043 CCI-000764 MEDIUM The user account for the z/OS UNIX kernel (OMVS) is not properly defined to the security database. User identifiers (ACF2 logonids, RACF userids, and Top Secret ACIDs), groups, and started tasks that use z/OS UNIX facilities are defined to an ACP with attributes including UID and GID. If these attributes are not correctly defined, data access or command privilege controls could be compromised.Information Assurance OfficerSystems ProgrammerDCCS-1, DCCS-2
SV-87471r1_rule ZUSS0044 CCI-000764 MEDIUM The user account for the z/OS UNIX SUPERUSER userid must be properly defined. User identifiers (ACF2 logonids, RACF userids, and Top Secret ACIDs), groups, and started tasks that use z/OS UNIX facilities are defined to an ACP with attributes including UID and GID. If these attributes are not correctly defined, data access or command privilege controls could be compromised.Information Assurance OfficerSystems Programmer
SV-87477r1_rule ZUSS0045 CCI-000764 MEDIUM The user account for the z/OS UNIX (RMFGAT) must be properly defined. User identifiers (ACF2 logonids, RACF userids, and Top Secret ACIDs), groups, and started tasks that use z/OS UNIX facilities are defined to an ACP with attributes including UID and GID. If these attributes are not correctly defined, data access or command privilege controls could be compromised.Information Assurance OfficerSystems Programmer
SV-7294r3_rule ZUSS0046 CCI-000764 HIGH UID(0) must be properly assigned. User identifiers (ACF2 logonids, RACF userids, and Top Secret ACIDs), groups, and started tasks that use z/OS UNIX facilities are defined to an ACP with attributes including UID and GID. If these attributes are not correctly defined, data access or command privilege controls could be compromised.Information Assurance OfficerSystems Programmer
SV-7295r2_rule ZUSS0047 CCI-000764 MEDIUM z/OS UNIX user accounts are not properly defined. User identifiers (ACF2 logonids, RACF userids, and Top Secret ACIDs), groups, and started tasks that use z/OS UNIX facilities are defined to an ACP with attributes including UID and GID. If these attributes are not correctly defined, data access or command privilege controls could be compromised.Information Assurance OfficerSystems ProgrammerDCCS-1, DCCS-2
SV-7303r4_rule ZUSST050 CCI-000366 MEDIUM The z/OS Default profiles must not be defined in TSS OMVS UNIX security parameters for classified systems. TSS UNIQUSER control option will automatically assign a UID to any user who logs on to OMVS without an OMVS segment. Parameter settings in the TSS impact the security level of z/OS UNIX. In classified systems user access will not be determined by default.Information Assurance Officer
SV-7383r2_rule ZUSST060 CCI-000213 HIGH The HFSSEC resource class is not defined with DEFPROT. The HFSSEC resource class configuration settings in the ACP impact the security level of z/OS UNIX.Information Assurance OfficerDCCS-1, DCCS-2
SV-7941r5_rule ZUSS0048 CCI-000764 MEDIUM Attributes of z/OS UNIX user accounts used for account modeling must be defined in accordance with security requirements. Top Secret ACIDs that use z/OS UNIX facilities must be properly defined. If these attributes are not correctly defined, data access or command privilege controls could be compromised.Information Assurance Officer
SV-7537r3_rule ZCIC0041 CCI-000764 MEDIUM CICS default logonid(s) must be defined and/or controlled in accordance with the security requirements. CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Improperly defined or controlled CICS userids (i.e., region, default, and terminal users) may provide an exposure and vulnerability within the CICS environment. This could result in the compromise of the confidentiality, integrity, and availability of the CICS region, applications, and customer data.Information Assurance Officer
SV-7543r2_rule ZCIC0042 CCI-000057 MEDIUM CICS logonid(s) do not have time-out limit set to 15 minutes. CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Improperly defined or controlled CICS userids (i.e., region, default, and terminal users) may provide an exposure and vulnerability within the CICS environment. This could result in the compromise of the confidentiality, integrity, and availability of the CICS region, applications, and customer data.trueInformation Assurance Officer
SV-7525r2_rule ZCICT041 CCI-000213 MEDIUM CICS userids are not defined and/or controlled in accordance with proper security requirements. CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Improperly defined or controlled CICS userids (i.e., region, default, and terminal users) may provide an exposure and vulnerability within the CICS environment. This could result in the compromise of the confidentiality, integrity, and availability of the CICS region, applications, and customer data.Information Assurance OfficerDCCS-1, DCCS-2, ECCD-1, ECCD-2
SV-7920r4_rule ACP00282 CCI-000213 MEDIUM z/OS system commands must be properly protected. z/OS system commands provide a method of controlling the operating environment. Failure to properly control access to z/OS system commands could result in unauthorized personnel issuing sensitive system commands. This exposure may threaten the integrity and availability of the operating system environment, and compromise the confidentiality of customer data.Information Assurance Officer
SV-7923r4_rule ACP00291 CCI-000382 MEDIUM CONSOLxx members must be properly configured. MCS consoles can be used to issue operator commands. Failure to properly control access to MCS consoles could result in unauthorized personnel issuing sensitive operator commands. This exposure may threaten the integrity and availability of the operating system environment, and compromise the confidentiality of customer data.Information Assurance OfficerSystems Programmer
SV-7926r3_rule ACP00292 CCI-000382 MEDIUM MCS console userid(s) will be properly protected. MCS consoles can be used to issue operator commands. Failure to properly control access to MCS consoles could result in unauthorized personnel issuing sensitive operator commands. This exposure may threaten the integrity and availability of the operating system environment, and compromise the confidentiality of customer data.Information Assurance Officer
SV-7929r3_rule ACP00293 CCI-000213 MEDIUM MCS consoles access authorization(s) for CONSOLE resource(s) must be properly protected. MCS consoles can be used to issue operator commands. Failure to properly control access to MCS consoles could result in unauthorized personnel issuing sensitive operator commands. This exposure may threaten the integrity and availability of the operating system environment, and compromise the confidentiality of customer data.Information Assurance Officer
SV-7932r2_rule ACP00294 CCI-000213 MEDIUM Attributes for Users with the TSO CONSOLE privilege are inappropriate. MCS consoles can be used to issue operator commands. Failure to properly control access to MCS consoles could result in unauthorized personnel issuing sensitive operator commands. This exposure may threaten the integrity and availability of the operating system environment, and compromise the confidentiality of customer data.Information Assurance Officer
SV-7938r2_rule TSS0246 CCI-000213 MEDIUM Operating system commands (MVS.) of the OPERCMDS resource class are not properly owned.. z/OS system commands provide a method of controlling the operating environment. Failure to properly control access to z/OS system commands could result in unauthorized personnel issuing sensitive system commands. This exposure may threaten the integrity and availability of the operating system environment, and compromise the confidentiality of customer data.Information Assurance OfficerDCCS-1, DCCS-2
SV-7978r2_rule ZCIC0010 CCI-001499 MEDIUM CICS system data sets are not properly protected. CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Unauthorized access to CICS system data sets (i.e., product, security, and application libraries) could result in the compromise of the confidentiality, integrity, and availability of the CICS region, applications, and customer data.Information Assurance OfficerDCCS-1, DCCS-2, ECCD-1, ECCD-2
SV-8016r3_rule AAMV0012 CCI-001764 HIGH Unsupported system software is installed and active on the system. When a vendor drops support of System Software, they no longer maintain security vulnerability patches to the software. Without vulnerability patches, it is impossible to verify that the system does not contain code which could violate the integrity of the operating system environment.
SV-8019r3_rule AAMV0014 CCI-000409 MEDIUM Site must have a formal migration plan for removing or upgrading OS systems software prior to the date the vendor drops security patch support. Vendors' code may contain vulnerabilities that may be exploited to cause denial of service or to violate the integrity of the system or data on the System. Most vendors develop patches to correct these vulnerabilities. When vendors' products become unsupported, the creation of these patches cease leaving the system exposed to any future vulnerabilities not patched. Without a documented migration plan established to monitor system software versions and releases unsupported software may be allowed to run on the system.Information Assurance OfficerSecurity Manager
SV-8032r2_rule ZCICT050 CCI-000366 MEDIUM Control options for the Top Secret CICS facilities do not meet minimum requirements. TSS CICS facilities define the security controls in effect for CICS regions. Failure to code the appropriate values could result in degraded security. This exposure may result in unauthorized access impacting the confidentiality, integrity, and availability of the CICS region, applications, and customer data.Information Assurance OfficerDCCS-1, DCCS-2, ECCD-1, ECCD-2
SV-8037r2_rule ACP00310 CCI-000017 MEDIUM Userids found inactive for more than 35 days are not suspended. Userid maintenance is critical in a C2 level of trust environment. Userids left on the system for extended periods of time could be reassigned to a different user while retaining the access authorizations of the previous user. The improper management of userids could result in the compromise of the operating system environment, ACP, and customer data.Information Assurance Officer
SV-8757r2_rule IFTP0100 CCI-000041 MEDIUM FTP / Telnet unencryted transmissions require Acknowledgement of Risk Letter(AORL) In addition to the data transmission being in the clear, the user credentials are also passed in the clear, which violates the control IAIA-1. As mitigation for this vulnerability, special consideration must be given to account maintenance and the types of user privileges associated with these accounts. Interception of the above information could result in the compromise of the operating system environment, ACP, and customer data.Information being passed in the clear can violate System and Data integrity.Information Assurance OfficerDCCS-1, DCCS-2, EBRU-1, ECCT-1, ECCT-2
SV-15870r2_rule TSS0385 CCI-000366 HIGH The Facility Control Option does not specify the sub option of MODE=FAIL. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options or sub options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-15984r2_rule AAMV0018 CCI-001220 HIGH Site does not maintain documented procedures to apply security related software patches to their system and does not maintain a log of when these patches were applied. Vendors' code may contain vulnerabilities that may be exploited to cause denial of service or to violate the integrity of the system or data on the System. Most vendors develop patches to correct these vulnerabilities. These patches must be applied and documented. Information Assurance OfficerDCAR-1, DCCS-1, DCCS-2
SV-22058r2_rule TSS0780 CCI-000213 HIGH Access to the TSS MODE resource class is inappropriate. Access to the resources in the MODE resource class overrides the security mode in which an Acid will operate for all facilities. Acids with permission to these resources can compromise the security of the processing environment. In addition, failure to restrict access to these resources introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-25130r2_rule TSS0995 CCI-000213 MEDIUM The TSS ALL record has inappropriate access to Facility Matrix Tables. All users with the exception of the master security control ACID must be authorized to a facility in order to sign on to it. When the ALL record is assigned Facilities, by default all users on the system have access to that Facility. Users should have limited access, only those facilities that are required to perform their jobs successfully are to be granted directly or via profile(s).Information Assurance OfficerInformation Assurance ManagerDCCS-1, DCCS-2
SV-26592r3_rule TSS1010 CCI-000213 MEDIUM Data set masking characters allowing access to all data sets must be properly restricted in the security database. TSS provides masking as an additional method for reducing the number of entries that must be made to secure the installation data sets. Shared patterns can be used as the operands of data set parameters. If this masking character (*, *., and/or **) are not restricted, there is the possibility of exposure when granting access to the data set mask allowing access to all data sets. Unauthorized access could result in the compromise of the operating system environment, ACP, products, and customer data.Information Assurance OfficerDCCS-1, DCCS-2, ECAR-1, ECAR-2, ECAR-3, ECCD-1, ECCD-2
SV-28773r3_rule ACP00340 CCI-000294 MEDIUM z/OS Baseline reports are not reviewed and validated to ensure only authorized changes have been made within the z/OS operating system. This is a current DISA requirement for change management to system libraries. A product that generates reports validating changes, additions or removal from APF and LPA libraries, as well as changes to SYS1.PARMLIB PDS members, should be run against system libraries to provide a baseline analysis to allow monitoring of changes to these libraries. Failure to monitor and review these reports on a regular bases and validating any changes could threaten the integrity and availability of the operating system environment, and compromise the confidentiality of customer data. Information Assurance OfficerSystems ProgrammerDCCS-1, DCCS-2, DCPR-1, DCSL-1, ECAT-1, ECAT-2
SV-31681r2_rule TSS0290 CCI-000366 MEDIUM The CPFTARGET Control Option value specified is not set to (LOCAL). The CPFTARGET Control Option indicates whether or not commands are to be propagated to other nodes which are defined to the CPFNODES list or DEFNODES associated with the ACID. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2
SV-31713r5_rule TSS0755 CCI-000199 MEDIUM Interactive ACIDs defined to TSS must have the required fields completed. The required fields indicate the privileges and accesses that each user possesses. If the user is not associated with a group, user accountability is lost for that user and they could conceivably possess more authority than is necessary for them to do their job.Information Assurance OfficerIAIA-1, IAIA-2
SV-36387r2_rule ZUSS0080 CCI-000213 MEDIUM z/OS USS Software owning Shared accounts do not meet strict security and creation restrictions. Shared accounts by nature are a violation of proper audit trail and proper user authentication. If not properly controlled, could cause system corruption without an audit trail tracking session activity to an individual user's identity. Information Assurance OfficerInformation Assurance ManagerECAR-1, ECAR-2, ECAR-3, IAGA-1
SV-38888r5_rule ACP00350 CCI-002234 MEDIUM IEASYMUP resource will be protected in accordance with proper security requirements. Failure to properly control access to the IEASYMUP resource could result in unauthorized personnel modifying sensitive z/OS symbolic. This exposure may threaten the integrity and availability of the operating system environment.Information Assurance Officer
SV-39518r2_rule IFTP0110 CCI-000202 MEDIUM FTP Control cards will be properly stored in a secure PDS file. FTP control cards carry unencrypted information such as userids, passwords and remote IP Addresses. Without a requirement to store this information separate from the JCL and in-stream JCL, it allows a security exposure by allowing read exposure to this information from anyone having access to the JCL libraries.Information Assurance OfficerInformation Assurance ManagerIAIA-1, IAIA-2
SV-41848r5_rule ZWMQ0014 CCI-000366 MEDIUM Production WebSphere MQ Remotes must utilize Certified Name Filters (CNF) IBM Websphere MQ can use a user ID associated with an ACP certificate as a channel user ID. When an entity at one end of an SSL channel receives a certificate from a remote connection, the entity asks The ACP if there is a user ID associated with that certificate. The entity uses that user ID as the channel user ID. If there is no user ID associated with the certificate, the entity uses the user ID under which the channel initiator is running. Without a validly defined Certificate Name Filter for the entity IBM Websphere MQ will set the channel user ID to the default.
SV-44220r3_rule AAMV0500 CCI-000099 MEDIUM Sensitive and critical system data sets exist on shared DASD. Any time a sensitive or critical system data set is allocated on a shared DASD device, it is critical to validate that it is properly protected on any additional systems that are sharing that device. Without proper review and adequate restrictions to access of these data sets on all systems sharing them, can lead to corruption, integrity and availability of the operating system, ACP, and customer data.Information Assurance OfficerSystems ProgrammerDCCS-2, DCSL-1, ECAN-1, ECCD-1, ECCD-2
SV-48610r3_rule TSS0660 CCI-000192 MEDIUM NEWPHRASE and PPSCHAR Control Options must be properly set. Sites may opt to use passphrases in lieu of passwords for authentication. A passphrase must nevertheless be constrained by certain complexity parameters to assure appropriate strength. The NEWPHRASE and PPSCHAR Control Options specify the rules that TSS will apply when a user selects a new password phrase. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2, IAIA-1, IAIA-2
SV-48612r2_rule TSS0670 CCI-000044 MEDIUM NPPTHRESH Control Option will be properly set. The NPPTHRESH Control Option sets the threshold value for the number of attempts allowed for new password re-verification before complete logon sequence needs restarting. In accordance with DODI 8500.2 for DOD information systems processing sensitive information and above, and CJCSM 6510.01, the following recommendations concerning password requirements are mandatory and apply equally to both classified and unclassified systems: The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2, IAIA-1, IAIA-2
SV-48613r2_rule TSS0680 CCI-000199 MEDIUM PPEXP Control Option will be properly set. The PPEXP Control Option allows the site to specify a password expiration interval. In accordance with DODI 8500.2 for DOD information systems processing sensitive information and above, and CJCSM 6510.01, the following recommendations concerning password requirements are mandatory and apply equally to both classified and unclassified systems: The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2, IAIA-1, IAIA-2
SV-48614r2_rule TSS0690 CCI-000200 MEDIUM PPHIST Control Option will be properly set. The PPHIST is to prevent users from reusing old password phrases when their current one expires. In accordance with DODI 8500.2 for DOD information systems processing sensitive information and above, and CJCSM 6510.01, the following recommendations concerning password requirements are mandatory and apply equally to both classified and unclassified systems: The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.Information Assurance OfficerDCCS-1, DCCS-2, IAIA-1, IAIA-2
SV-83833r1_rule ICERT010 CCI-002470 MEDIUM All digital certificates in use must have a valid path to a trusted Certification authority. The origin of a certificate, the Certificate Authority (i.e., CA), is crucial in determining if the certificate should be trusted. An approved CA establishes grounds for confidence at both ends of communications sessions in ongoing identities of other parties and in the validity of information transmitted.
SV-83843r1_rule ICERT020 MEDIUM Expired Digital Certificates must not be used. The longer and more often a key is used, the more susceptible it is to loss or discovery. This weakens the assurance provided to a relying Party that the unique binding between a key and its named subscriber is valid. Therefore, it is important that certificates are periodically refreshed. This is in accordance with DoD requirement. Expired Certificate must not be in use.
SV-83849r1_rule ICERT030 MEDIUM Certificate Name Filtering must be implemented with appropriate authorization and documentation. Certificate name filtering is a facility that allows multiple certificates to be mapped to a single ACP userid. Rather than matching a certificate stored in the ACP to determine the userid, criteria rules are used. Depending on the filter criteria, a large number of client certificates could be mapped to a single userid. Failure to properly control the use of certificate name filtering could result in the loss of individual identity and accountability.
SV-83851r1_rule ZSSH0010 HIGH The SSH daemon must be configured to only use the SSHv2 protocol. SSHv1 is not a DoD-approved protocol and has many well-known vulnerability exploits. Exploits of the SSH daemon could provide immediate root access to the system.
SV-83853r1_rule ZSSH0020 HIGH The SSH daemon must be configured to use a FIPS 140-2 compliant cryptographic algorithm. Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. Cryptographic modules must adhere to the higher standards approved by the federal government since this provides assurance they have been tested and validated.
SV-83855r1_rule ZSSH0030 MEDIUM The SSH daemon must be configured with the Department of Defense (DoD) logon banner. Failure to display the DoD logon banner prior to a logon attempt will negate legal proceedings resulting from unauthorized access to system resources.
SV-83857r1_rule ZSSH0040 MEDIUM SMF recording options for the SSH daemon must be configured to write SMF records for all eligible events. SMF data collection is the basic unit of tracking of all system functions and actions. Included in this tracking data are the audit trails from each of the ACPs. If the control options for the recording of this tracking are not properly maintained, then accountability cannot be monitored, and its use in the execution of a contingency plan could be compromised.
SV-83859r1_rule ZSSH0050 MEDIUM The SSH daemon must be configured to use SAF keyrings for key storage. The use of SAF Key Rings for key storage enforces organizational access control policies and assures the protection of cryptographic keys in storage.
SV-85847r1_rule ACP00062 CCI-000213 HIGH Libraries included in the system REXXLIB concatenation must be properly protected. The libraries included in the system REXXLIB concatenation can contain program modules which possess a significant level of security bypass capability. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data.
SV-93755r2_rule TSS0485 HIGH NIST FIPS-validated cryptography must be used to protect passwords in the security database. Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. Cryptographic modules must adhere to the higher standards approved by the federal government since this provides assurance they have been tested and validated.