| Provide a list(s) of the locations for all FTP Control cards within a given application/AIS, ensuring no FTP control cards are within in-stream JCL, JCL libraries or any open access data sets. The list must indicate which application uses the PDS, and access requirements for those PDSes (who and what level of access). Lists/spreadsheet used for documenting the meeting of this requirement must be maintained by the responsible Application/AIS Team, available upon request and not maintained by Mainframe ISSO. |
Obtain the list/spreadsheet from the Application/AIS Team.
Access to FTP scripts and/or data files located on host system(s) that contain FTP userid and or password will be restricted to those individuals responsible for the application connectivity and who have a legitimate requirement to know the userid and password on a remote system.
FTP Control Cards within In-stream JCL, within JCL libraries or open access libraries/data sets is a finding.
If there is anyone not listed within the spreadsheet by userid that has access of Read or greater to the FTP control cards, this is a finding.