UCF STIG Viewer Logo

CA 1 Tape Management user exits, when in use, must be reviewed and/or approved.


Overview

Finding ID Version Rule ID IA Controls Severity
V-224449 ZCA10060 SV-224449r519484_rule Medium
Description
CA-1 Tape Management user exits, TMSUXnA and TMSUXnS, provide the capability to bypass or modify existing ACP controls. A review and evaluation of exit code must be performed to ensure that the integrity of the CA-1 processing environment is kept intact. Unauthorized usage of these exits may compromise the confidentiality and integrity of customer data.
STIG Date
z/OS CA 1 Tape Management for RACF Security Technical Implementation Guide 2021-10-04

Details

Check Text ( C-26126r519482_chk )
Refer to the following report produced by the z/OS Data Collection:

- CA1RPT(TMSCKLVL)

Determine if CA 1 user exits, TMSUXnA and TMSUXnS (for r11.5 and below) or TMSXITA and TMSXITS (for r12.0 and above) are active.

If both CA 1 user exits are not found, this is not a finding.

If one or both user exits are installed and the following requirements are true, this is not a finding:

___ The usage and function of the user exit(s) is fully documented.
___ The use of the user exit(s) is approved.
___ All associated documentation is on file with the ISSO.
Fix Text (F-26114r519483_fix)
Ensure that the site ISSO has reviewed, evaluated, and approved the usage of CA 1 user exits, TMSUXnA and TMSUXnS (for r11.5 and below) or TMSXITA and TMSXITS (for r12.0 and above). If one or both user exits are installed and the following requirements will be followed:

The usage and function of the user exit(s) is fully documented.

The use of the user exit(s) is approved.

All associated documentation is on file with the ISSO.