V-6991 | High | UID(0) is improperly assigned. | User identifiers (ACF2 logonids, RACF userids, and Top Secret ACIDs), groups, and started tasks that use z/OS UNIX facilities are defined to an ACP with attributes including UID and GID. If these... |
V-142 | High | The OPTS GSO record value will be set to the values specified. | The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The... |
V-184 | High | LOGONIDs must not be defined to SYS1.UADS for non-emergency use. | SYS1.UADS is a dataset where LOGONIDs will be maintained with applicable password information when the ACP is not functional. If an unauthorized user has access to SYS1.UADS, they could enter... |
V-69231 | High | The SSH daemon must be configured to use a FIPS 140-2 compliant cryptographic algorithm. | Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. Cryptographic modules must adhere to the higher standards approved by the federal... |
V-108 | High | SYS1.PARMLIB is not limited to only system programmers. | SYS1.PARMLIB contains the parameters which control system IPL, configuration characteristics, security facilities, and performance. Unauthorized access could result in the compromise of the... |
V-6958 | High | WebSphere MQ channel security must be implemented in accordance with security requirements. | WebSphere MQ Channel security can be configured to provide authentication, message privacy, and message integrity between queue managers. Secure Sockets Layer (SSL) uses encryption techniques,... |
V-118 | High | The ACP security data sets and/or databases must be properly protected. | The Access Control Program (ACP) database files contain all access control information for the operating system environment and system resources. Unauthorized access could result in the compromise... |
V-119 | High | Access greater than Read to the System Master Catalog must be limited to system programmers only. | System catalogs are the basis for locating all files on the system. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data. |
V-112 | High | Write or greater access to SYS1.LPALIB must be limited to system programmers only. | SYS1.LPALIB is automatically APF-authorized during IPL processing and can contain SVCs. LPA modules, once loaded into the Link Pack Area, are capable of performing APF-authorized functions. This... |
V-113 | High | Update and allocate access to all APF-authorized libraries are not limited to system programmers only. | The Authorized Program List designates those libraries that can contain program modules which possess a significant level of security bypass capability. Unauthorized access could result in the... |
V-110 | High | Write or greater access to SYS1.SVCLIB must be limited to system programmers only. | This data set is automatically APF-authorized, contains system SVCs, and may also contain I/O appendages. Unauthorized access could result in the compromise of the operating system environment,... |
V-111 | High | Write or greater access to SYS1.IMAGELIB must be limited to system programmers only. | SYS1.IMAGELIB is a partitioned data set containing universal character set (UCS), forms control buffer (FCB), and printer control information. Most IBM standard UCS images are included in... |
V-116 | High | Write or greater access to libraries that contain PPT modules must be limited to system programmers only. | Specific PPT designated program modules possess significant security bypass capabilities. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data. |
V-114 | High | Write or greater access to all LPA libraries must be limited to system programmers only. | LPA modules, once loaded into the Link Pack Area, are capable of performing APF-authorized functions. This authorization allows a program to bypass various levels of security checking.... |
V-115 | High | Write or greater access to SYS1.NUCLEUS must be limited to system programmers only. | This data set contains a large portion of the system initialization (IPL) programs and pointers to the master and alternate master catalog. Unauthorized access could result in the compromise of... |
V-71223 | High | Libraries included in the system REXXLIB concatenation must be properly protected. | The libraries included in the system REXXLIB concatenation can contain program modules which possess a significant level of security bypass capability. Unauthorized access could result in the... |
V-15209 | High | Site does not maintain documented procedures to apply security related software patches to their system and does not maintain a log of when these patches were applied. | Vendors' code may contain vulnerabilities that may be exploited to cause denial of service or to violate the integrity of the system or data on the System. Most vendors develop patches to correct... |
V-122 | High | Write or greater access to SYS1.UADS must be limited to system programmers only and read and update access must be limited to system programmer personnel and/or security personnel. | SYS1.UADS is the data set where emergency USERIDs are maintained. This ensures that logon processing can occur even if the ACP is not functional. Unauthorized access could result in the compromise... |
V-129 | High | Write or greater access to Libraries containing EXIT modules must be limited to system programmers only. | System exits have a wide range of uses and capabilities within any system. Exits may introduce security exposures within the system, modify audit trails, and alter individual user capabilities.... |
V-234 | High | All system PROCLIB data sets must be limited to system programmers only. | Unauthorized access to PROCLIB data sets referenced in the JES2 procedure can allow unauthorized modifications to STCs and other system level procedures. This could result in the compromise of... |
V-3900 | High | Vendor-supplied user accounts for the WebSphere Application Server are defined to the ACP. | Vendor-supplied user accounts are defined to the ACP with factory-set passwords during the installation of the WebSphere Application Server (WAS). These user accounts are common to all WAS... |
V-65647 | High | NIST FIPS-validated cryptography must be used to protect passwords in the security database. | Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. Cryptographic modules must adhere to the higher standards approved by the federal... |
V-36 | High | Dynamic lists must be protected in accordance with proper security requirements. | Dynamic lists provide a method of making z/OS system changes without interrupting the availability of the operating system. Failure to properly control access to these facilities could result in... |
V-6960 | High | Websphere MQ "switch" profiles are improperly defined to the MQADMIN class. | WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security... |
V-69229 | High | The SSH daemon must be configured to only use the SSHv2 protocol. | SSHv1 is not a DoD-approved protocol and has many well-known vulnerability exploits. Exploits of the SSH daemon could provide immediate root access to the system. |
V-7545 | High | Unsupported system software is installed and active on the system. | When a vendor drops support of System Software, they no longer maintain security vulnerability patches to the software. Without vulnerability patches, it is impossible to verify that the system... |
V-6972 | High | z/OS UNIX SUPERUSER resource must be protected in accordance with guidelines. | z/OS UNIX ACP-defined resources consist of sensitive capabilities including SUPERUSER, daemon, and numerous file manipulation privileges. Missing or inaccurate protection of these resources could... |
V-6970 | High | z/OS UNIX resources must be protected in accordance with security requirements. | z/OS UNIX ACP-defined resources consist of sensitive capabilities including SUPERUSER, daemon, and numerous file manipulation privileges. Missing or inaccurate protection of these resources could... |
V-3899 | Medium | The CBIND Resource(s) for the WebSphere Application Server is(are) not protected in accordance with security requirements. | SAF resources provide the ability to control access to functions and services of the WebSphere Application Server (WAS) environment. Many of these resources provide operational and administrative... |
V-3898 | Medium | HFS objects for the WebSphere Application Server are not protected in accordance with the proper security requirements. | HFS directories and files provide the configuration, operational, and executable properties of the WebSphere Application Server (WAS) environment. Many of these objects are responsible for the... |
V-6919 | Medium | JES2 input sources are not controlled in accordance with the proper security requirements. | JES2 input sources provide a variety of channels for job submission. Failure to properly control the use of these input sources could result in unauthorized submission of work into the operating... |
V-3897 | Medium | MVS data sets for the WebSphere Application Server are not protected in accordance with the proper security requirements. | MVS data sets provide the configuration, operational, and executable properties of the WebSphere Application Server (WAS) environment. Failure to properly protect these data sets may lead to... |
V-3895 | Medium | DFSMS control data sets must be protected in accordance with security requirements. | DFSMS control data sets provide the configuration and operational characteristics of the system-managed storage environment. Failure to properly protect these data sets may result in unauthorized... |
V-6995 | Medium | The CLASSMAP DEFINITIONS list does not include entries for the FACILITY, SURROGAT, and UNIXPRIV resource classes in accordance with security requirements. | Parameter settings in the ACP impact the security level of z/OS UNIX. |
V-6994 | Medium | The GSO UNIXOPTS record must specify CHOWNRES. | Parameter settings in the ACP impact the security level of z/OS UNIX. |
V-69233 | Medium | The SSH daemon must be configured with the Department of Defense (DoD) logon banner. | Failure to display the DoD logon banner prior to a logon attempt will negate legal proceedings resulting from unauthorized access to system resources. |
V-69235 | Medium | SMF recording options for the SSH daemon must be configured to write SMF records for all eligible events. | SMF data collection is the basic unit of tracking of all system functions and actions. Included in this tracking data are the audit trails from each of the ACPs. If the control options for the... |
V-6993 | Medium | The GSO UNIXOPTS record must not specify default settings for classified systems. | Default profile settings allow a user to access UNIX System Services (OMVS) if a user does not have a valid OMVS group in the logonid record. Settings in the ACP impact the security level of z/OS... |
V-6992 | Medium | z/OS UNIX user accounts are not properly defined. | User identifiers (ACF2 logonids, RACF userids, and Top Secret ACIDs), groups, and started tasks that use z/OS UNIX facilities are defined to an ACP with attributes including UID and GID. If these... |
V-156 | Medium | The TSO2741 GSO record values specified are not in accordance with the proper security requirements. | The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The... |
V-28603 | Medium | z/OS USS Software owning Shared accounts do not meet strict security and creation restrictions. | Shared accounts by nature are a violation of proper audit trail and proper user authentication. If not properly controlled, they could cause system corruption without an audit trail tracking... |
V-3236 | Medium | User exits for the FTP Server must not be used without proper approval and documentation. | Several user exit points in the FTP Server component are available to permit customization of its operating behavior. These exits can be used to modify functions such as FTP command usage, client... |
V-83 | Medium | LNKAUTH=APFTAB is not specified in the IEASYSxx member(s) in the currently active parmlib data set(s). | Failure to specify LNKAUTH=APFTAB allows libraries other than those designated as APF to contain authorized modules which could bypass security and violate the integrity of the operating system... |
V-86 | Medium | AC=1 modules in APF-authorized libraries must be reviewed annually, with documentation verifying the modules' integrity available. | AC=1 modules that reside in APF-authorized libraries must be reviewed annually. The IAO will maintain documentation identifying the integrity and justification of vendor APF... |
V-178 | Medium | The number of users granted the special privilege CONSOLE is not justified. | Users with this privilege could intentionally or inadvertently issue console commands that could cause system resources and customer data to become unavailable. |
V-179 | Medium | The number of users granted the special privilege ALLCMDS is not justified. | Users with this privilege may have access to restricted TSO commands and programs. This could result in the compromise of the confidentiality, integrity, and availability of the operating system,... |
V-174 | Medium | The LOGONIDs with the AUDIT or CONSULT attribute must be properly scoped. | Individuals with these attributes have the ability to view security definitions for resources not in their scope. This could result in the compromise of the confidentiality, integrity, and... |
V-175 | Medium | Procedures are not in place to ensure all LOGONIDs with the READALL attribute are used and controlled. | READALL allows the individual to view any file and violates the principle of least privilege. This could result in the compromise of the confidentiality of customer data. |
V-176 | Medium | The number of users granted the special privilege TAPE-LBL or TAPE-BLP is not justified or limited. | Tape Bypass Label Processing (BLP) is extremely sensitive, as it allows the circumvention of security access checking for the data. This could result in compromise of customer data. |
V-177 | Medium | The special privileges must be assigned on an as-needed basis to LOGONIDs associated with STCs and LOGONIDs that need to execute TSO in batch. | Users with these privileges can mount tape and DASD volumes. This could result in the compromise of the confidentiality, integrity, or availability of the operating system, ACP, or customer data. |
V-171 | Medium | LOGONIDs with the ACCOUNT, LEADER, or SECURITY attribute must be properly scoped. | Individuals with these powerful attributes may have more extensive privileges than necessary to perform their job function. There could be no separation of duties and/or principle of least... |
V-172 | Medium | There are LOGONIDs with the SECURITY attribute that do not have the RULEVLD and RSRCVLD attributes specified. | Failure to assign the attribute bypasses security checking for the LOGONID and could result in the compromise of the confidentiality, integrity, and availability of the operating system, ACP, or... |
V-173 | Medium | The LOGONID with the ACCTPRIV attribute must be restricted to the IAO. | Individuals with the ACCTPRIV could add or delete users in SYS1.UADS and jeopardize the availability of the operating system, ACP, and customer data. |
V-6928 | Medium | JES2 system commands are not protected in accordance with security requirements. | JES2 system commands are used to control JES2 resources and the operating system environment. Failure to properly control access to JES2 system commands could result in unauthorized personnel... |
V-150 | Medium | The SECVOLS GSO record value is set to VOLMASK(). Any local changes are justified and documented with the IAO. | The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The... |
V-6920 | Medium | JES2 input sources must be properly controlled. | JES2 input sources provide a variety of channels for job submission. Failure to properly control the use of these input sources could result in unauthorized submission of work into the operating... |
V-5627 | Medium | The hosts identified by the NSINTERADDR statement will be properly protected. | If the hosts identified by NSINTERADDR statement are not properly protected they can be stolen, damaged, or disturbed. Without adequate physical security, unauthorized users can access the host... |
V-34 | Medium | System programs (e.g., exits, SVCs, etc.) must have approval of appropriate authority and/or documented correctly. | Many vendor products and applications require or provide operating system exits, SVCs, I/O appendages, special PPT privileges, and APF authorization. Without proper review, approval and adequate... |
V-151 | Medium | The SYNCOPTS GSO record values are set to the values specified. | The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The... |
V-6924 | Medium | JESNEWS resources are not protected in accordance with security requirements. | JES2 spool resources include all SYSOUT, SYSLOG, JESTRACE, and JESNEWS data sets. Failure to properly control JES2 spool resources could result in unauthorized personnel accessing job output,... |
V-6925 | Medium | JESTRACE and/or SYSLOG resources are not protected in accordance with security requirements. | JES2 spool resources include all SYSOUT, SYSLOG, JESTRACE, and JESNEWS data sets. Failure to properly control JES2 spool resources could result in unauthorized personnel accessing job output,... |
V-6926 | Medium | JES2 spool resources will be controlled in accordance with security requirements. | JES2 spool resources include all SYSOUT, SYSLOG, JESTRACE, and JESNEWS data sets. Failure to properly control JES2 spool resources could result in unauthorized personnel accessing job output,... |
V-31 | Medium | DFSMS resources must be protected in accordance with the proper security requirements. | DFSMS provides data, storage, program, and device management functions for the operating system. Some DFSMS storage administration functions allow a user to obtain a privileged status and... |
V-181 | Medium | The number of users granted the special privilege OPERATOR must be kept to a strictly controlled minimum. | Users with this privilege can do anything from canceling jobs to disabling the entire system. This could result in the compromise of the confidentiality, integrity, and availability of the... |
V-180 | Medium | The number of users granted the special privilege PPGM is not justified. | Users with this privilege may have access to powerful utilities and could intentionally or inadvertently compromise operating system integrity or destroy data on a large-scale basis. Misuse of... |
V-183 | Medium | Sensitive Utility Controls will be properly defined and protected. | Sensitive Utility Controls can run sensitive system privileges or controls, and potentially can circumvent system and security controls. Failure to properly control access to these resources... |
V-182 | Medium | Memory and privileged program dumps must be protected in accordance with proper security requirements. | Memory and privileged program dumps taken from work running under Task Control Block (TCB) key 0-7 may hold passwords, encryption keys, or other sensitive data and must not be made generally available. Failure to... |
V-6965 | Medium | WebSphere MQ queue resource defined to the MQQUEUE resource class are not protected in accordance with security requirements. | WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security... |
V-6967 | Medium | WebSphere MQ Namelist resources are not protected in accordance with security requirements. | WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security... |
V-109 | Medium | Access to SYS1.LINKLIB is not properly protected. | This data set is automatically APF-authorized, contains system SVCs and the base PPT. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data. |
V-6996 | Medium | The INFODIR record does not include entries for the FACILITY, SURROGAT, and UNIXPRIV resource classes in accordance with security requirements. | Parameter settings in the ACP impact the security level of z/OS UNIX. |
V-297 | Medium | TSOAUTH resources must be restricted to authorized users. | The TSOAUTH resource class controls sensitive privileges, such as OPER, ACCOUNT, MOUNT, TESTAUTH, CONSOLE, and PARMLIB. Several of these privileges offer the ability, or provide a facility, to... |
V-6974 | Medium | z/OS UNIX MVS data sets or HFS objects are not properly protected. | For the z/OS UNIX environment, there are MVS data sets that contain operating system components, MVS data sets that contain HFS file systems with operating system components, and MVS data sets... |
V-101 | Medium | Non-standard SMF data collection options specified. | SMF data collection is the basic unit of tracking of all system functions and actions. Included in this tracking data are the audit trails from each of the ACPs. If the control options for the... |
V-103 | Medium | An automated process is not in place to collect and retain SMF data. | SMF data collection is the basic unit of tracking of all system functions and actions. Included in this tracking data is the audit trail from the ACP. If the control options for the recording of... |
V-102 | Medium | Required SMF data record types must be collected. | SMF data collection is the basic unit of tracking of all system functions and actions. Included in this tracking data are the audit records from each of the ACPs and system. If the required SMF... |
V-105 | Medium | ACP database is not backed up on a scheduled basis. | Loss of the ACP database would cause an interruption in the service of the operating system environment. If regularly scheduled backups of this database are not processed, system recovery time... |
V-104 | Medium | ACP database is not on a separate physical volume from its backup and recovery datasets. | The ACP backup and recovery data files provide the only means of recovering the ACP database in the event of its damage. In the case where this damage is to the physical volume on which it... |
V-107 | Medium | PASSWORD data set and OS passwords are utilized. | All protection of system resources must come from the ACP. If multiple protection mechanisms are in place, the accessibility of data, specifically under contingency plan execution, is subject to... |
V-106 | Medium | System DASD backups are not performed on a regularly scheduled basis. | If backups of the operating environment are not properly processed, implementation of a contingency plan would not include the data necessary to fully recover from any outage. |
V-163 | Medium | There are LOGONIDs associated with started tasks that have the MUSASS attribute and the requirement to submit jobs on behalf of its users but do not have the JOBFROM attribute as required. | Without the JOBFROM attribute, individual accountability is lost for the jobs the started task submits on behalf of its users. |
V-29952 | Medium | FTP Control cards will be properly stored in a secure PDS file. | FTP control cards carry unencrypted information such as userids, passwords and remote IP Addresses. Without a requirement to store this information separate from the JCL and in-stream JCL, it... |
V-7516 | Medium | CICS system data sets are not properly protected. | CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Unauthorized access to CICS system data sets (i.e., product, security,... |
V-168 | Medium | Emergency LOGONIDs must be properly defined. | Emergency USERIDs are necessary in the event of a system outage for recovery purposes. It is critical that those USERIDs be defined with the appropriate access to ensure timely restoration of services. |
V-44 | Medium | CICS region logonid(s) must be defined and/or controlled in accordance with the security requirements. | CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Improperly defined or controlled CICS userids (i.e., region, default,... |
V-159 | Medium | Interactive LOGONIDs defined to ACF2 must have the required fields completed. | Improper assignments of attributes in the LOGONID record may allow users excessive privileges resulting in unauthorized access. |
V-117 | Medium | Update and allocate access to LINKLIST libraries are not limited to system programmers only. | The primary function of the LINKLIST is to serve as a single repository for commonly used system modules. Failure to ensure that the proper set of libraries are designated for LINKLIST can impact... |
V-161 | Medium | There are LOGONIDs assigned for started tasks that do not have the STC attribute specified in the associated LOGONID record. | If a LOGONID for a started task does not have the STC attribute specified, this could result in system or application unavailability. |
V-3219 | Medium | TCP/IP resources must be properly protected. | The Communication Server access authorization is used to protect TCP/IP resources such as stack, network, port, and other SERVAUTH resources. These resources provide additional security checks for... |
V-3218 | Medium | The permission bits and user audit bits for HFS objects that are part of the Base TCP/IP component must be configured properly. | HFS directories and files of the Base TCP/IP component provide the configuration, operational, and executable properties of IBM's TCP/IP system product. Failure to properly secure these objects... |
V-6921 | Medium | JES2 output devices are not controlled in accordance with the proper security requirements. | JES2 output devices provide a variety of channels to which output can be processed. Failure to properly control these output devices could result in unauthorized personnel accessing output. This... |
V-3215 | Medium | Configuration files for the TCP/IP stack are not properly specified. | The TCP/IP stack reads two configuration files to determine values for critical operational parameters. These file names are specified in multiple locations and, depending on the process, are... |
V-3217 | Medium | PROFILE.TCPIP configuration statements for the TCP/IP stack are not coded properly. | The PROFILE.TCPIP configuration file provides system operation and configuration parameters for the TCP/IP stack. Inappropriate values could result in undesirable operations and degraded... |
V-3216 | Medium | TCPIP.DATA configuration statements for the TCP/IP stack will be properly specified. | During the initialization of TCP/IP servers and clients, the TCPIP.DATA configuration file provides information that is essential for proper operations of TCP/IP applications. Inappropriate... |
V-3239 | Medium | The permission bits and user audit bits for HFS objects that are part of the FTP Server component will be properly configured. | HFS directories and files of the FTP Server provide the configuration and executable properties of this product. Failure to properly secure these objects may lead to unauthorized access resulting... |
V-54 | Medium | Surrogate users must be controlled in accordance with the proper requirements. | Surrogate users have the ability to submit jobs on behalf of another user (the execution user) without specifying the execution user's password. Jobs submitted by surrogate users run with the... |
V-160 | Medium | There are batch jobs with restricted LOGONIDs that do not have the PGM(xxxxxxxx) and SUBAUTH attributes or the SOURCE(xxxxxxxx) attribute assigned to the corresponding LOGONIDs. | Unauthorized jobs may be introduced into the system. This could result in the compromise of the confidentiality, integrity, and availability of the operating system, ACP, or customer data. |
V-127 | Medium | Access to SYS(x).TRACE is not limited to system programmers only. | SYS1.TRACE is used to trace and debug system problems. Unauthorized access could result in a compromise of the integrity and availability of all system data and processes. |
V-126 | Medium | Update and allocate access to System backup files are not limited to system programmers and/or batch jobs that perform DASD backups. | System backup data sets are necessary for recovery of DASD resident data sets. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data. |
V-125 | Medium | Access to SYSTEM DUMP data sets are not limited to system programmers only. | System DUMP data sets are used to record system data areas and virtual storage associated with system task failures. Unauthorized access could result in the compromise of the operating system... |
V-124 | Medium | Update and allocate access to data sets used to backup and/or dump SMF collection files are not limited to system programmers and/or batch jobs that perform SMF dump processing. | SMF backup data sets are those data sets to which SMF data has been offloaded in order to ensure a historical tracking of individual user accountability. Unauthorized access could result in the... |
V-123 | Medium | Update and allocate access to SMF collection files (i.e., SYS1.MANx) are not limited to system programmers and/or batch jobs that perform SMF dump processing. | SMF data collection is the system activity journaling facility of the z/OS system. With the proper parameter designations it serves as the basis to ensure individual user accountability. SMF... |
V-121 | Medium | Update and allocate access to the JES2 System data sets (e.g., Spool, Checkpoint, and Initialization parameters) are not limited to system programmers only. | The JES2 System data sets are a common repository for all jobs submitted to the system and the associated printout and configuration of the JES2 environment. Unauthorized access could result in... |
V-120 | Medium | Update and allocate access to all system-level product installation libraries are not limited to system programmers only. | System-level product installation libraries constitute the majority of the systems software libraries. Unauthorized access could result in the compromise of the operating system environment, ACP,... |
V-128 | Medium | Access to System page data sets (i.e., PLPA, COMMON, and LOCALx) are not limited to system programmers. | Page data sets hold individual pages of virtual storage when they are paged out of real storage. Unauthorized access could result in the compromise of the operating system environment, ACP, and... |
V-6937 | Medium | SYS(x).PARMLIB(IGDSMSxx), SMS parameter settings are not properly specified. | Configuration properties of DFSMS are specified in various members of the system parmlib concatenation (e.g., SYS1.PARMLIB). Statements within these PDS members provide the execution,... |
V-6936 | Medium | DFSMS control data sets are not properly protected. | DFSMS control data sets provide the configuration and operational characteristics of the system-managed storage environment. Failure to properly protect these data sets may result in unauthorized... |
V-6933 | Medium | SMS Program Resources must be properly defined and protected. | DFSMS provides data, storage, program, and device management functions for the operating system. Some DFSMS storage administration functions allow a user to obtain a privileged status and... |
V-7050 | Medium | Attributes of z/OS UNIX user accounts used for account modeling must be defined in accordance with security requirements. | User identifiers (ACF2 logonids, RACF userids, and Top Secret ACIDs) that use z/OS UNIX facilities are defined to an ACP with attributes defined in the STIG. If these attributes are not correctly... |
V-2 | Medium | The LOGONIDs specified in GSO MAINT records will have the JOB and MAINT attributes specified in the associated LOGONID record. | If there is a LOGONID intended for maintenance purposes that does not have the MAINT and JOB attributes specified, then it cannot function as intended. This could result in the inability to... |
V-6939 | Medium | DFSMS resource type(s) is(are) not defined to the GSO INFODIR record in accordance with security requirements. | DFSMS provides data, storage, program, and device management functions for the operating system. Some DFSMS storage administration functions allow a user to obtain a privileged status and... |
V-1 | Medium | There are started task LOGONIDs with the NON-CNCL attribute specified in the associated LOGONID record that are not listed as trusted and have not been specifically approved. | The NON-CNCL privilege exempts the started tasks from security checking. This could result in the compromise of the confidentiality, integrity, and availability of the operating system, ACP, and... |
V-3229 | Medium | The startup user account for the z/OS UNIX Telnet Server is not defined properly. | The z/OS UNIX Telnet Server (i.e., otelnetd) requires a UID(0) to provide its system services. After the user enters their userid and password, otelnetd switches to the security context of the... |
V-6980 | Medium | WebSphere MQ channel security is not implemented in accordance with security requirements. | WebSphere MQ channel security can be configured to provide authentication, message privacy, and message integrity between queue managers. WebSphere MQ channels use SSL encryption techniques,... |
V-3220 | Medium | Started tasks for the Base TCP/IP component must be defined in accordance with security requirements. | The TCP/IP started tasks require special privileges and access to sensitive resources to provide its system services. Failure to properly define and control these TCP/IP started tasks could lead... |
V-3221 | Medium | MVS data sets for the Base TCP/IP component are not properly protected. | MVS data sets of the Base TCP/IP component provide the configuration, operational, and executable properties of IBM's TCP/IP system product. Failure to properly secure these data sets may lead to... |
V-3222 | Medium | PROFILE.TCPIP configuration statements for the TN3270 Telnet Server are not properly specified. | The PROFILE.TCPIP configuration file provides system operation and configuration parameters for the TN3270 Telnet Server. Several of these parameters have potential impact to system security. ... |
V-3223 | Medium | VTAM session setup controls for the TN3270 Telnet Server are not properly specified. | After a connection from a Telnet client to the TN3270 Telnet Server has been established, the process of session setup with a VTAM application occurs. A number of BEGINVTAM statements must be... |
V-3224 | Medium | The warning banner for the TN3270 Telnet Server is not specified or properly specified. | A logon banner can be used to inform users about the environment during the initial logon. In the DISA environment, logon banners are used to warn users against unauthorized entry and the... |
V-3226 | Medium | SSL encryption options for the TN3270 Telnet Server will be specified properly for each statement that defines a SECUREPORT or within the TELNETGLOBALS. | During the SSL connection process a mutually acceptable encryption algorithm is selected by the server and client. This algorithm is used to encrypt the data that subsequently flows between the... |
V-3227 | Medium | SMF recording options for the TN3270 Telnet Server must be properly specified. | The TN3270 Telnet Server can provide audit data in the form of SMF records. The SMF data produced provides information about individual sessions. This data includes the VTAM application, the... |
V-6893 | Medium | CICS startup JCL statement is not specified in accordance with the proper security requirements. | The CICS SIT is used to define system operation and configuration parameters of a CICS system. Several of these parameters control the security within a CICS region. Failure to code the... |
V-6894 | Medium | Sensitive CICS transactions are not protected in accordance with the proper security requirements. | Sensitive CICS transactions offer the ability to circumvent transaction level controls for accessing resources under CICS. These transactions must be protected so that only authorized users can... |
V-6896 | Medium | Sensitive CICS transactions are not protected in accordance with the proper security requirements. | Sensitive CICS transactions offer the ability to circumvent transaction level controls for accessing resources under CICS. These transactions must be protected so that only authorized users can... |
V-131 | Medium | The AUTHEXIT GSO record value is used to define an extended user authentication exit at TSO logon, for Operator Identification (OID) card usage. DISA requires the use of NCPASS on all of its domains. DISA sites require the use of AUTHEXIT for other non DISA sites this value is optional. | The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The... |
V-132 | Medium | The AUTOERAS GSO record value must be set to indicate that ACF2 is controlling the automatic physical erasure of VSAM or non VSAM data sets. | The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The... |
V-133 | Medium | The BACKUP GSO record value specifies a time field and Time(00:00 ) is not specified unless the database is shared and backed up on another system. | The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The... |
V-134 | Medium | The BLPPGM GSO record value indicates that ACF2 does not control the programs authorized to use tape bypass label processing (BLP). | The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The... |
V-135 | Medium | The CLASMAP GSO record value translates an eight-character SAF resource class into a three character ACF2 resource type code. | The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The... |
V-136 | Medium | The EXITS GSO record value specifies the module names of site written ACF2 exit routines. | The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The... |
V-138 | Medium | The LINKLST GSO record value if specified only contains trusted system datasets. | The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The... |
V-154 | Medium | The TSOKEYS GSO record values specified are not in accordance with security requirements. | • (ACF0520: CAT II) The IAO will ensure that the TSOKEYS GSO value is set to KEYWORDS().... The system-wide options control the default settings for determining how the ACP will function when... |
V-6942 | Medium | DFSMS resource class(es) is(are) not defined to the GSO CLASMAP record in accordance with security requirements. | DFSMS provides data, storage, program, and device management functions for the operating system. Some DFSMS storage administration functions allow a user to obtain a privileged status and... |
V-6941 | Medium | DFSMS resource class(es) is(are) not defined to the GSO SAFDEF record in accordance with security requirements. | DFSMS provides data, storage, program, and device management functions for the operating system. Some DFSMS storage administration functions allow a user to obtain a privileged status and... |
V-6946 | Medium | z/OS UNIX HFS MapName files security parameters are not properly specified. | Parameter settings in PARMLIB and /etc specify values for z/OS UNIX security controls. The parameters impact HFS data access and operating system services. Undesirable values can allow users to... |
V-6947 | Medium | z/OS UNIX security parameters for restricted network service(s) in /etc/inetd.conf are not properly specified. | Parameter settings in PARMLIB and /etc specify values for z/OS UNIX security controls. The parameters impact HFS data access and operating system services. Undesirable values can allow users to... |
V-6944 | Medium | z/OS UNIX OMVS parameters in PARMLIB are not properly specified. | Parameter settings in PARMLIB and /etc specify values for z/OS UNIX security controls. The parameters impact HFS data access and operating system services. Undesirable values can allow users to... |
V-6945 | Medium | z/OS UNIX BPXPRMxx security parameters in PARMLIB are not properly specified. | Parameter settings in PARMLIB and /etc specify values for z/OS UNIX security controls. The parameters impact HFS data access and operating system services. Undesirable values can allow users to... |
V-6949 | Medium | The VTAM USSTAB definitions are being used for unsecured terminals. | VTAM options and definitions are used to define VTAM operational capabilities. They must be strictly controlled. Unauthorized users could override or change start options or network definitions.... |
V-29532 | Medium | IEASYMUP resource will be protected in accordance with proper security requirements. | Failure to properly control access to the IEASYMUP resource could result in unauthorized personnel modifying sensitive z/OS symbolics. This exposure may threaten the integrity and availability of... |
V-6978 | Medium | z/OS UNIX HFS permission bits and audit bits for each directory will be properly protected or specified. | For the z/OS UNIX environment, there are MVS data sets that contain operating system components, MVS data sets that contain HFS file systems with operating system components, and MVS data sets... |
V-33795 | Medium | Sensitive and critical system data sets exist on shared DASD. | Any time a sensitive or critical system data set is allocated on a shared DASD device, it is critical to validate that it is properly protected on any additional systems that are sharing that... |
V-155 | Medium | The TSOTWX GSO record values are set to the values specified. | The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The... |
V-3331 | Medium | The ACP audit logs must be reviewed on a regular basis . | Each ACP has the ability to produce audit records, based on specific security-related events. Audit Trail, Monitoring, Analysis and Reporting provides automated, continuous on-line monitoring and... |
V-6922 | Medium | JES2 output devices must be properly controlled for Classified Systems. | JES2 output devices provide a variety of channels to which output can be processed. Failure to properly control these output devices could result in unauthorized personnel accessing output. This... |
V-3905 | Medium | WebSphere MQ: all update and alter access to MQSeries/WebSphere MQ product and system data sets are not properly restricted. | MVS data sets provide the configuration, operational, and executable properties of WebSphere MQ. Some data sets are responsible for the security implementation of WebSphere MQ. Failure to... |
V-3904 | Medium | WebSphere MQ started tasks are not defined in accordance with the proper security requirements. | Started tasks are used to execute WebSphere MQ queue manager services. Improperly defined WebSphere MQ started tasks may result in inappropriate access to application resources and the loss of... |
V-3901 | Medium | The WebSphere Application Server plug-in is not specified in accordance with the proper security requirements. | Requests processed by the WebSphere Application Server (WAS) are dependent on directives configured in the HTTP server httpd.conf file. These directives specify critical files containing the WAS... |
V-3903 | Medium | User timeout parameter values for WebSphere MQ queue managers are not specified in accordance with security requirements. | Users signed on to a WebSphere MQ queue manager could leave their terminals unattended for long periods of time. This may allow unauthorized individuals to gain access to WebSphere MQ resources... |
V-7091 | Medium | ACF2/CICS parameter data sets are not protected in accordance with the proper security requirements. | CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Unauthorized access to ACF2/CICS parameter data sets (i.e., product,... |
V-302 | Medium | CICS System Initialization Table (SIT) parameter values must be specified in accordance with proper security requirements. | The CICS SIT is used to define system operation and configuration parameters of a CICS system. Several of these parameters control the security within a CICS region. Failure to code the... |
V-152 | Medium | The TSO GSO record values must be set to the values specified. | The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The... |
V-7486 | Medium | MCS console userid(s) will be properly protected. | MCS consoles can be used to issue operator commands. Failure to properly control access to MCS consoles could result in unauthorized personnel issuing sensitive operator commands. This exposure... |
V-31561 | Medium | Production WebSphere MQ Remotes must utilize Certificate Name Filters (CNF). | IBM WebSphere MQ can use a user ID associated with an ACP certificate as a channel user ID. When an entity at one end of an SSL channel receives a certificate from a remote connection, the entity... |
V-145 | Medium | The PWPHRASE GSO record must be properly defined. | Sites may opt to use passphrases in lieu of passwords for authentication. A passphrase must nevertheless be constrained by certain complexity parameters to assure appropriate strength. The GSO... |
V-144 | Medium | The PSWD GSO record values must be set to the values specified in the checks portion below. | Password complexity, or strength, is a measure of the effectiveness of a password in resisting guessing and brute-force attacks. Password complexity is one factor of several that determine how... |
V-147 | Medium | The RESVOLS GSO record value is set to Volmask(-). Any other setting requires documentation justifying the change. | The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The... |
V-146 | Medium | The RESRULE GSO record value is set to NONE any other setting requires documentation justifying the change. | The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The... |
V-141 | Medium | The NJE GSO record value indicates validation options that apply to jobs submitted through a network job entry subsystem (JES2, JES3, RSCS). | The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The... |
V-140 | Medium | The MAINT GSO record value if specified will be restricted to production storage management user accounts and programs. | The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The... |
V-143 | Medium | The PPGM GSO record value indicates protected programs that are only executed by privileged users. | The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The... |
V-6956 | Medium | The System datasets used to support the VTAM network are not properly secured. | VTAM options and definitions are used to define VTAM operational capabilities. They must be strictly controlled. Unauthorized users could override or change start options or network definitions.... |
V-6959 | Medium | WebSphere MQ resource classes are not properly activated. | WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security... |
V-36899 | Medium | The OPTS GSO record value must be set to the values specified. | The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The... |
V-149 | Medium | The SAFDEF GSO record baseline values are not set to the values previously documented. | The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The... |
V-148 | Medium | The RULEOPTS GSO record values are set to the values specified. | The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The... |
V-153 | Medium | The TSOCRT GSO record values are set to the appropriate values. | The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The... |
V-69237 | Medium | The SSH daemon must be configured to use SAF keyrings for key storage. | The use of SAF Key Rings for key storage enforces organizational access control policies and assures the protection of cryptographic keys in storage. |
V-7485 | Medium | CONSOLxx members must be properly configured. | MCS consoles can be used to issue operator commands. Failure to properly control access to MCS consoles could result in unauthorized personnel issuing sensitive operator commands. This exposure... |
V-7558 | Medium | Userids found inactive for more than 35 days are not suspended. | Userid maintenance is critical in a C2 level of trust environment. Userids left on the system for extended periods of time could be reassigned to a different user while retaining the access... |
V-7487 | Medium | MCS consoles access authorization(s) for CONSOLE resource(s) must be properly protected. | MCS consoles can be used to issue operator commands. Failure to properly control access to MCS consoles could result in unauthorized personnel issuing sensitive operator commands. This exposure... |
V-3238 | Medium | SMF recording options for the FTP Server must be configured to write SMF records for all eligible events. | The FTP Server can provide audit data in the form of SMF records. The SMF data produced by the FTP Server provides transaction information for both successful and unsuccessful FTP commands. ... |
V-7482 | Medium | z/OS system commands must be properly protected. | z/OS system commands provide a method of controlling the operating environment. Failure to properly control access to z/OS system commands could result in unauthorized personnel issuing sensitive... |
V-6968 | Medium | BPX resource(s) is(are) not protected in accordance with security requirements. | OS/390 UNIX ACP-defined resources consist of sensitive capabilities including SUPERUSER, daemon, and numerous file manipulation privileges. Missing or inaccurate protection of these resources... |
V-7488 | Medium | Users that have access to the CONSOLE resource in the TSOAUTH resource class are not properly defined. | MCS consoles can be used to issue operator commands. Failure to properly control access to MCS consoles could result in unauthorized personnel issuing sensitive operator commands. This exposure... |
V-7554 | Medium | Key ACF2/CICS parameters must be properly coded. | The ACF2/CICS parameters define the security controls in effect for CICS regions. Failure to code the appropriate values could result in degraded security. This exposure may result in... |
V-3240 | Medium | MVS data sets for the FTP Server are not properly protected. | MVS data sets of the FTP Server provide the configuration and operational characteristics of this product. Failure to properly secure these data sets may lead to unauthorized access resulting in... |
V-6989 | Medium | The user account for the z/OS UNIX (RMFGAT) must be properly defined. | User identifiers (ACF2 logonids, RACF userids, and Top Secret ACIDs), groups, and started tasks that use z/OS UNIX facilities are defined to an ACP with attributes including UID and GID. If these... |
V-162 | Medium | There are LOGONIDs associated with started tasks that have the MUSASS requirement but do not have both the MUSASS and NO-SMC specified in corresponding LOGONID records. | If the LOGONID does not have the MUSASS attribute specified, there is no individual accountability within the associated address space. If NO-SMC is not specified the potential for VSAM data set... |
V-251 | Medium | Sensitive CICS transactions are not protected in accordance with security requirements. | Sensitive CICS transactions offer the ability to circumvent transaction level controls for accessing resources under CICS. These transactions must be protected so that only authorized users can... |
V-3716 | Medium | User accounts defined to the ACP do not uniquely identify system users. | System users must be uniquely identified to the operating system. To accomplish this, each user must have an individual account defined to the ACP. If user accounts are not associated with... |
V-3237 | Medium | The warning banner for the FTP Server is not specified properly. | A logon banner can be used to inform users about the environment during the initial logon. In the DISA environment, logon banners are used to warn users against unauthorized entry and the... |
V-3235 | Medium | FTP.DATA configuration statements for the FTP Server are not specified in accordance with requirements. | The statements in the FTP.DATA configuration file specify the parameters and values that control the operation of the FTP Server components including the use of anonymous FTP. Several of the... |
V-3234 | Medium | The startup parameters for the FTP include the ANONYMOUS, ANONYMOUS=, or INACTIVE keywords. The FTP daemon’s started task JCL does not specify the SYSTCPD and SYSFTPD DD statements for configuration files. | During initialization, the FTP daemon reads JCL keywords and configuration files to determine values for critical operational parameters. Because system security is impacted by some of these... |
V-3233 | Medium | The FTP Server daemon is not defined with proper security parameters. | The FTP Server daemon requires special privileges and access to sensitive resources to provide its system services. Failure to properly define and control the FTP Server daemon could lead to... |
V-3232 | Medium | HFS objects for the z/OS UNIX Telnet Server will be properly protected. | HFS directories and files of the z/OS UNIX Telnet Server provide the configuration and executable properties of this product. Failure to properly secure these objects may lead to unauthorized... |
V-3231 | Medium | The warning banner for the z/OS UNIX Telnet Server is not specified or not properly specified. | A logon banner can be used to inform users about the environment during the initial logon. Logon banners are used to warn users against unauthorized entry and the possibility of legal action for... |
V-3230 | Medium | Startup parameters for the z/OS UNIX Telnet Server are not specified properly. | The z/OS UNIX Telnet Server (i.e., otelnetd) provides interactive access to the z/OS UNIX shell. During the initialization process, startup parameters are read to define the characteristics of... |
V-6964 | Medium | WebSphere MQ dead letter and alias dead letter queues are not properly defined. | WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security... |
V-6969 | Medium | WebSphere MQ alternate user resources defined to MQADMIN resource class are not protected in accordance with security requirements. | WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security... |
V-6966 | Medium | WebSphere MQ Process resources are not protected in accordance with security requirements. | WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security... |
V-7120 | Medium | CICS logonid(s) do not have time-out limit set to 15 minutes. | CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Improperly defined or controlled CICS userids (i.e., region, default,... |
V-6961 | Medium | z/OS UNIX security parameters in etc/profile are not properly specified. | Parameter settings in PARMLIB and /etc specify values for z/OS UNIX security controls. The parameters impact HFS data access and operating system services. Undesirable values can allow users to... |
V-6962 | Medium | WebSphere MQ MQCONN Class resources are not protected in accordance with security. | WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security... |
V-6963 | Medium | z/OS UNIX security parameters in /etc/rc not properly specified. | Parameter settings in PARMLIB and /etc specify values for z/OS UNIX security controls. The parameters impact HFS data access and operating system services. Undesirable values can allow users to... |
V-6923 | Medium | JESSPOOL resources are not protected in accordance with security requirements. | JES2 spool resources include all SYSOUT, SYSLOG, JESTRACE, and JESNEWS data sets. Failure to properly control JES2 spool resources could result in unauthorized personnel accessing job output,... |
V-6904 | Medium | NCP (Network Control Program) data set access authorization does not restrict UPDATE and/or ALLOCATE access to appropriate personnel. | If components of the FEPs are not properly protected they can be stolen, damaged, or disturbed. Without adequate physical security, unauthorized users can access the control panel, the operator... |
V-6905 | Medium | A password control is not in place to restrict access to the service subsystem via the operator consoles (local and/or remote) and a key-lock switch is not used to protect the modem supporting the remote console of the service subsystem. | If components of the FEPs are not properly protected they can be stolen, damaged, or disturbed. Without adequate physical security, unauthorized users can access the control panel, the operator... |
V-6902 | Medium | A documented procedure is not available instructing how to load and dump the FEP NCP (Network Control Program). | If components of the FEPs are not properly protected they can be stolen, damaged, or disturbed. Without adequate physical security, unauthorized users can access the control panel, the operator... |
V-6903 | Medium | An active log is not available to keep track of all hardware upgrades and software changes made to the FEP (Front End Processor). | If components of the FEPs are not properly protected they can be stolen, damaged, or disturbed. Without adequate physical security, unauthorized users can access the control panel, the operator... |
V-6900 | Medium | All hardware components of the FEPs are not placed in secure locations where they cannot be stolen, damaged, or disturbed. | If components of the FEPs are not properly protected they can be stolen, damaged, or disturbed. Without adequate physical security, unauthorized users can access the control panel, the operator... |
V-6901 | Medium | Procedures are not in place to restrict access to FEP functions of the service subsystem from operator consoles (local and/or remote), and to restrict access to the diskette drive of the service subsystem. | If components of the FEPs are not properly protected they can be stolen, damaged, or disturbed. Without adequate physical security, unauthorized users can access the control panel, the operator... |
V-69223 | Medium | All digital certificates in use must have a valid path to a trusted Certification Authority. | The origin of a certificate, the Certificate Authority (i.e., CA), is crucial in determining if the certificate should be trusted. An approved CA establishes grounds for confidence at both ends... |
V-6987 | Medium | The user account for the z/OS UNIX kernel (OMVS) is not properly defined to the security database. | User identifiers (ACF2 logonids, RACF userids, and Top Secret ACIDs), groups, and started tasks that use z/OS UNIX facilities are defined to an ACP with attributes including UID and GID. If these... |
V-6985 | Medium | Attributes of z/OS UNIX user accounts are not defined properly. | User identifiers (ACF2 logonids, RACF userids, and Top Secret ACIDs), groups, and started tasks that use z/OS UNIX facilities are defined to an ACP with attributes including UID and GID. If these... |
V-69227 | Medium | Certificate Name Filtering must be implemented with appropriate authorization and documentation. | Certificate name filtering is a facility that allows multiple certificates to be mapped to a single ACP userid. Rather than matching a certificate stored in the ACP to determine the userid,... |
V-69225 | Medium | Expired Digital Certificates must not be used. | The longer and more often a key is used, the more susceptible it is to loss or discovery. This weakens the assurance provided to a relying Party that the unique binding between a key and its named... |
V-6981 | Medium | z/OS UNIX MVS HFS directory(s) with "other" write permission bit set are not properly defined. | For the z/OS UNIX environment, there are MVS data sets that contain operating system components, MVS data sets that contain HFS file systems with operating system components, and MVS data sets... |
V-6927 | Medium | JES2.** resource is not protected in accordance with security requirements. | JES2 system commands are used to control JES2 resources and the operating system environment. Failure to properly control access to JES2 system commands could result in unauthorized personnel... |
V-6988 | Medium | The user account for the z/OS UNIX SUPERUSER userid must be properly defined. | User identifiers (ACF2 logonids, RACF userids, and Top Secret ACIDs), groups, and started tasks that use z/OS UNIX facilities are defined to an ACP with attributes including UID and GID. If these... |
V-7546 | Medium | Site must have a formal migration plan for removing or upgrading OS systems software prior to the date the vendor drops security patch support. | Vendors' code may contain vulnerabilities that may be exploited to cause denial of service or to violate the integrity of the system or data on the System. Most vendors develop patches to correct... |
V-7119 | Medium | CICS default logonid(s) must be defined and/or controlled in accordance with the security requirements. | CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Improperly defined or controlled CICS userids (i.e., region, default,... |
V-6986 | Medium | z/OS UNIX each group is not defined with a unique GID. | User identifiers (ACF2 logonids, RACF userids, and Top Secret ACIDs), groups, and started tasks that use z/OS UNIX facilities are defined to an ACP with attributes including UID and GID. If these... |
V-8271 | Medium | FTP / Telnet unencrypted transmissions require an Acknowledgement of Risk Letter (AORL). | In addition to the data transmission being in the clear, the user credentials are also passed in the clear, which violates the control IAIA-1. As mitigation for this vulnerability, special... |
V-90 | Medium | Inapplicable PPT entries have not been invalidated. | If invalid or inapplicable PPT entries exist, a venue is provided for the introduction of trojan horse modules with security bypass capabilities. |
V-4850 | Medium | Allocate access to system user catalogs is not limited to system programmers only. | System catalogs are the basis for locating all files on the system. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data. |
V-3242 | Medium | The Syslog daemon is not started at z/OS initialization. | The Syslog daemon, known as SYSLOGD, is a z/OS UNIX daemon that provides a central processing point for log messages issued by other z/OS UNIX processes. The messages may be of varying importance... |
V-3243 | Medium | The Syslog daemon must be properly defined and secured. | The Syslog daemon, known as syslogd, is a z/OS UNIX daemon that provides a central processing point for log messages issued by other z/OS UNIX processes. It is also possible to receive log messages... |
V-6979 | Medium | z/OS UNIX SYSTEM FILE SECURITY SETTINGS will be properly protected or specified. | For the z/OS UNIX environment, there are MVS data sets that contain operating system components, MVS data sets that contain HFS file systems with operating system components, and MVS data sets... |
V-3241 | Medium | The TFTP Server program is not properly protected. | The Trivial File Transfer Protocol (TFTP) Server, known as tftpd, supports file transfer according to the industry standard Trivial File Transfer Protocol. The TFTP Server does not perform any... |
V-3244 | Medium | The permission bits and user audit bits for HFS objects that are part of the Syslog daemon component will be configured properly. | HFS directories and files of the Syslog daemon provide the configuration and executable properties of this product. Failure to properly secure these objects could lead to unauthorized access. ... |
V-6973 | Medium | WebSphere MQ command resources defined to MQCMDS resource class are not protected in accordance with security requirements. | WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security... |
V-6971 | Medium | WebSphere MQ context resources defined to the MQADMIN resource class are not protected in accordance with security requirements. | WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security... |
V-6977 | Medium | z/OS UNIX MVS data sets used as step libraries in /etc/steplib are not properly protected | For the z/OS UNIX environment, there are MVS data sets that contain operating system components, MVS data sets that contain HFS file systems with operating system components, and MVS data sets... |
V-6976 | Medium | z/OS UNIX MVS data sets WITH z/OS UNIX COMPONENTS are not properly protected | For the z/OS UNIX environment, there are MVS data sets that contain operating system components, MVS data sets that contain HFS file systems with operating system components, and MVS data sets... |
V-6975 | Medium | WebSphere MQ RESLEVEL resources in the MQADMIN resource class are not protected in accordance with security requirements. | WebSphere MQ resources allow for the control of administrator functions, connections, commands, queues, processes, and namelists. Some resources provide the ability to disable or bypass security... |
V-23837 | Medium | z/OS Baseline reports are not reviewed and validated to ensure only authorized changes have been made within the z/OS operating system. This is a current DISA requirement for change management to system libraries. | A product that generates reports validating changes, additions or removal from APF and LPA libraries, as well as changes to SYS1.PARMLIB PDS members, should be run against system libraries to... |
V-3896 | Low | SYS(x).Parmlib(IEFSSNxx) SMS configuration parameter settings are not properly specified. | Configuration properties of DFSMS are specified in various members of the system parmlib concatenation (e.g., SYS1.PARMLIB). Statements within these PDS members provide the execution,... |
V-82 | Low | A CMP (Change Management Process) is not being utilized on this system. | Without proper tracking of changes to the operating system software environment, its processing integrity and availability are subject to compromise. |
V-85 | Low | Duplicated sensitive utilities and/or programs exist in APF libraries. | Modules designated as sensitive utilities have the ability to significantly modify the operating system environment. Duplication of these modules causes an exposure by making it extremely... |
V-84 | Low | Inaccessible APF libraries defined. | If a library designated by an APF entry does not exist on the volume specified, a library of the same name may be placed on this volume and inherit APF authorization. This could allow the... |
V-170 | Low | There are no procedures to utilize the LOGONID with the REFRESH attribute. | Individuals could effect unauthorized or inadvertent changes to ACP global system options. This could result in the compromise of the confidentiality, integrity, and availability of the operating... |
V-100 | Low | Non-existent or inaccessible LINKLIST libraries. | LINKLIST libraries give a common access point for the general usage of modules. Many of the subsystems installed on a domain rely upon these modules for proper execution. If the list of... |
V-23 | Low | The REFRESH attribute must be restricted. | Unauthorized users may be able to effect changes to ACP system options. This could result in the compromise of the confidentiality, integrity, and availability of the operating system, ACP, or... |
V-158 | Low | There are LOGONIDs defined to ACF2 that do not have the required fields completed. | Within the LOGONID record, the user's name and UID-string fields must be completed to ensure individual user accountability. |
V-5605 | Low | Non-existent or inaccessible Link Pack Area (LPA) libraries. | LPA libraries give a common access point for the general usage of modules. Many of the subsystems installed on a domain rely upon these modules for proper execution. If the list of libraries... |
V-130 | Low | The APPLDEF GSO record if used has supporting documentation indicating the reason it was used. | The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The... |
V-169 | Low | LOGONIDS with the REFRESH attribute must have the SUSPEND attribute specified. | Unauthorized users may be able to effect changes to ACP global system options. This could result in the compromise of the confidentiality, integrity, and availability of the operating system,... |
V-167 | Low | There are GSO MAINT records that do not have corresponding maintenance LOGONIDs. | LOGONIDs could be intentionally created that correspond to the GSO MAINT records. Then the maintenance programs could be used to gain unauthorized access to the system. This could result in the... |
V-166 | Low | There are maintenance LOGONIDs that do not have corresponding GSO MAINT records. | Users may execute programs without ACP security checking or auditing. This could result in the compromise of the confidentiality, integrity, and availability of the operating system, ACP, and... |