Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-17985 | ZCA10060 | SV-40108r1_rule | DCCS-1 DCCS-2 ECSD-1 ECSD-2 | Medium |
Description |
---|
CA-1 Tape Management user exits, TMSUXnA and TMSUXnS, provide the capability to bypass or modify existing ACP controls. A review and evaluation of exit code must be performed to ensure that the integrity of the CA-1 processing environment is kept intact. Unauthorized usage of these exits may compromise the confidentiality and integrity of customer data. |
STIG | Date |
---|---|
z/OS CA 1 Tape Management for TSS STIG | 2015-01-15 |
Check Text ( C-20129r1_chk ) |
---|
Refer to the following report produced by the z/OS Data Collection: - CA1RPT(TMSCKLVL) Determine if CA 1 user exits, TMSUXnA and TMSUXnS (for r11.5 and below) or TMSXITA and TMSXITS (for r12.0 and above) are active. If both CA 1 user exits are not found, this is not a finding. If one or both are installed and the following requirements are true, this is not a finding. ___ The usage and function of the exit(s) is fully documented. ___ DISA Field Security Operations reviewed the exit code. ___ The use of the exit(s) is approved by DISA Field Security Operations. ___ All associated documentation is on file with the IAO. |
Fix Text (F-18239r1_fix) |
---|
Ensure that the site IAM has reviewed, evaluated, and approved the usage of CA 1 user exits, TMSUXnA and TMSUXnS (for r11.5 and below) or TMSXITA and TMSXITS (for r12.0 and above). If one or both are installed and the following requirements will be followed: The usage and function of the exit(s) is fully documented. DISA Field Security Operations reviewed the exit code. The use of the exit(s) is approved by DISA Field Security Operations. All associated documentation is on file with the IAO. |