UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

RJE workstations and NJE nodes are not controlled in accordance with STIG requirements.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6918 ZJES0014 SV-7318r2_rule DCCS-1 DCCS-2 Medium
Description
JES2 RJE workstations and NJE nodes provide a method of sending and receiving data (e.g., jobs, job output, and commands) from remote locations. Failure to properly identify and control these remote facilities could result in unauthorized sources transmitting data to and from the operating system. This exposure may threaten the integrity and availability of the operating system environment, and compromise the confidentiality of customer data.
STIG Date
z/OS RACF STIG 2017-03-22

Details

Check Text ( C-3304r1_chk )
a) Refer to the following report produced by the OS/390 Data Collection:

- PARMLIB(JES2 parameters)

Refer to the following report produced by the RACF Data Collection:

- SENSITVE.RPT(FACILITY)

b) Review the following resource definitions in the FACILITY resource class:

NJE.*
RJE.*
NJE.nodename
RJE.workstation

NOTE 1: Nodename is the NAME parameter value specified on the NODE statement. Review the JES2 parameters for NJE node definitions by searching for NODE( in the report.

NOTE 2: Workstation is RMTnnnn, where nnnn is the number on the RMT statement. Review the JES2 parameters for RJE workstation definitions by searching for RMT( in the report.

c) If all JES2 defined NJE nodes and RJE workstations have a profile defined in the FACILITY resource class, there is NO FINDING.

NOTE: NJE.* and RJE.* profiles will force userid and password protection of all NJE and RJE connections respectively. This method is acceptable in lieu of using discrete profiles.

d) If any JES2 defined NJE node or RJE workstation does not have a profile defined in the FACILITY resource class, this is a FINDING.
Fix Text (F-6627r1_fix)
Ensure associated USERIDs exist for all RJE/NJE sources and review the authorizations for these remote facilities. Develop a plan of action and implement the changes as required by the OS/390 STIG.