UCF STIG Viewer Logo

z/OS IBM CICS Transaction Server for RACF Security Technical Implementation Guide


Overview

Date Finding Count (9)
2021-12-14 CAT I (High): 0 CAT II (Med): 9 CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC I - Mission Critical Public)

Finding ID Severity Title
V-224500 Medium CICS regions are improperly protected to prevent unauthorized propagation of the region userid.
V-224494 Medium CICS System Initialization Table (SIT) parameter values must be specified in accordance with proper security requirements.
V-224495 Medium CICS region logonid(s) must be defined and/or controlled in accordance with the security requirements.
V-224496 Medium CICS default logonid(s) must be defined and/or controlled in accordance with the security requirements.
V-224497 Medium CICS logonid(s) must have time-out limit set to 15 minutes.
V-224492 Medium CICS system data sets are not properly protected.
V-224493 Medium Sensitive CICS transactions are not protected in accordance with security requirements.
V-224498 Medium IBM CICS Transaction Server SPI command resources must be properly defined and protected.
V-224499 Medium External RACF Classes are not active for CICS transaction checking.