Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
IBM z/OS FTP Control cards must be properly stored in a secure PDS file.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-223977 | TSS0-FT-000050 | SV-223977r877818_rule | Medium |
| Description |
|---|
| Configuration settings are the set of parameters that can be changed in hardware, software, or firmware components of the system that affect the security posture and/or functionality of the system. Security-related parameters are those parameters impacting the security state of the system, including the parameters required to satisfy other security control requirements. Security-related parameters include, for example: registry settings; account, file, directory permission settings; and settings for functions, ports, protocols, services, and remote connections. |
| STIG | Date |
|---|---|
| IBM z/OS TSS Security Technical Implementation Guide | 2023-03-20 |
Details
| Check Text ( C-25650r516330_chk ) |
|---|
| Ask the System administrator fora list(s) of the locations for all FTP Control cards within a given application/AIS, ensuring no FTP control cards are within in-stream JCL, JCL libraries or any open access data sets. If access to PDS files where FTP Control cards are stored are not restricted to appropriate personnel this is a finding. |
| Fix Text (F-25638r516331_fix) |
|---|
| Make sure that the FTP control Cards for each FTP are stored in a secure PDS and that they are not placed in the JCL libraries or in the in-stream JCL for each FTP. |