Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The IBM z/OS PROFILE.TCPIP configuration for the TN3270 Telnet server must have the INACTIVE statement properly specified.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-98367 | RACF-TN-000010 | SV-107471r1_rule | Medium |
| Description |
|---|
| To address access requirements, many operating systems can be integrated with enterprise-level authentication/access/auditing mechanisms that meet or exceed access control policy requirements. |
| STIG | Date |
|---|---|
| IBM z/OS RACF Security Technical Implementation Guide | 2020-06-29 |
Details
| Check Text ( C-97203r1_chk ) |
|---|
| Refer to the Profile configuration file specified on the PROFILE DD statement in the TN3270 started task JCL. Note: If the INCLUDE statement is coded in the TCP/IP Profile configuration file, the data set specified on this statement must be checked for the following items as well. TELNETGLOBAL Block (only one defined) TELNETPARMS Block (one defined for each port the server is listening to, typically ports 23 and 992) If the TELNETPARMS INACTIVE statement is coded either in the TELNETGLOBALS or within each TELNETPARMS statement block and specifies a value between "1" and "900", this is not a finding. |
| Fix Text (F-104043r1_fix) |
|---|
| Configure the configuration statements in the PROFILE.Tn3270 to conform to the specifications below: NOTE: If the INCLUDE statement is coded in the TCP/IP Profile configuration file, the data set specified on this statement must be checked for the following items as well. The TELNETPARMS INACTIVE statement is coded either within the TELNETGLOBALS OR within each TELNETPARMS statement block and specifies a value between "1" and "900". |