| V-224303 | Medium | Sensitive CICS transactions are not protected in accordance with security requirements. | Sensitive CICS transactions offer the ability to circumvent transaction level controls for accessing resources under CICS. These transactions must be protected so that only authorized users can... |
| V-224302 | Medium | CICS system data sets are not properly protected. | CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Unauthorized access to CICS system data sets (i.e., product, security,... |
| V-224313 | Medium | Sensitive CICS transactions are not protected in accordance with the proper security requirements. | Sensitive CICS transactions offer the ability to circumvent transaction level controls for accessing resources under CICS. These transactions must be protected so that only authorized users can... |
| V-224312 | Medium | Sensitive CICS transactions are not protected in accordance with the proper security requirements. | Sensitive CICS transactions offer the ability to circumvent transaction level controls for accessing resources under CICS. These transactions must be protected so that only authorized users can... |
| V-224311 | Medium | Key ACF2/CICS parameters must be properly coded. | The ACF2/CICS parameters define the security controls in effect for CICS regions. Failure to code the appropriate values could result in degraded security. This exposure may result in unauthorized... |
| V-224310 | Medium | CICS startup JCL statement is not specified in accordance with the proper security requirements. | The CICS SIT is used to define system operation and configuration parameters of a CICS system. Several of these parameters control the security within a CICS region. Failure to code the... |
| V-224304 | Medium | CICS System Initialization Table (SIT) parameter values must be specified in accordance with proper security requirements. | The CICS SIT is used to define system operation and configuration parameters of a CICS system. Several of these parameters control the security within a CICS region. Failure to code the... |
| V-224305 | Medium | CICS region logonid(s) must be defined and/or controlled in accordance with the security requirements. | CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Improperly defined or controlled CICS userids (i.e., region, default,... |
| V-224306 | Medium | CICS default logonid(s) must be defined and/or controlled in accordance with the security requirements. | CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Improperly defined or controlled CICS userids (i.e., region, default,... |
| V-224307 | Medium | CICS logonid(s) must be configured with proper timeout and signon limits. | CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Improperly defined or controlled CICS userids (i.e., region, default,... |
| V-224308 | Medium | ACF2/CICS parameter data sets are not protected in accordance with the proper security requirements. | CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Unauthorized access to ACF2/CICS parameter data sets (i.e., product,... |
| V-224309 | Medium | IBM CICS Transaction Server SPI command resources must be properly defined and protected. | IBM CICS Transaction Server can run with sensitive system privileges, and potentially can circumvent system controls. Failure to properly control access to product resources could result in the... |
