Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-17469 | ZCLST036 | SV-27240r1_rule | ECCD-1 ECCD-2 | Medium |
Description |
---|
Improperly defined security controls for the Product could result in the compromise of the network, operating system, and customer data. |
STIG | Date |
---|---|
z/OS CL/SuperSession for TSS STIG | 2015-03-30 |
Check Text ( C-3215r1_chk ) |
---|
a) Refer to the following report produced by the TSS Data Collection: - TSSCMDS.RPT(FACLIST) - Preferred report containing all control option values in effect including default values - TSSCMDS.RPT(TSSPRMFL) - Alternate report containing only control option values explicitly coded at TSS startup b) If KLS is properly defined in the Facility Matrix table, there is NO FINDING: c) If KLS is improperly defined in the Facility Matrix table, this is a FINDING. |
Fix Text (F-6659r1_fix) |
---|
Define the CT/Engine started task name KLS as a Facility to TOP SECRET in the Facility Matrix Table using the following example: *KLS CL/SUPERSESSION FACILITY(USERxx=NAME=KLS) FACILITY(KLS=MODE=FAIL,ACTIVE,SHRPRF) FACILITY(KLS=PGM=KLV,NOASUBM,NOABEND,NOXDEF) FACILITY(KLS=ID=xx,MULTIUSER,RES,LUMSG,STMSG,WARNPW,SIGN(M)) FACILITY(KLS=NOINSTDATA,NORNDPW,AUTHINIT,NOPROMPT,NOAUDIT) FACILITY(KLS=NOTSOC,LOG(INIT,SMF,MSG,SEC9)) |