UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

A CMP (Change Management Process) is not being utilized on this system.


Overview

Finding ID Version Rule ID IA Controls Severity
V-82 AAMV0010 SV-82r2_rule DCCS-1 DCCS-2 ECSD-1 ECSD-2 Low
Description
Without proper tracking of changes to the operating system software environment, its processing integrity and availability are subject to compromise.
STIG Date
z/OS RACF STIG 2017-03-22

Details

Check Text ( C-630r1_chk )
a) Refer to the following report produced by the z/OS Data Collection:

- EXAM.RPT(SMPERPT)

b) Invoke the CA-EXAMINE application from within ISPF/PDF. This is typically done by executing %EXAMINE from ISPF/PDF option 6.

From the CA EXAMINE primary menu, enter 2.3.3 from the command line to display the INSTALLED PRODUCTS SELECTION menu. Enter a hyphen (-) for all optional search criteria fields and a valid SMP/E CSI name. Repeat this step for all applicable SMP/E CSI names.

NOTE 1: CSI names can be obtained from the SMPERPT report or by leaving the CSI name field blank and allowing CA-EXAMINE to compile a list of cataloged CSI data sets from which to choose.

NOTE 2: SMP/E CSIs may not be present on this domain. If the site uses another domain to install products via SMP/E, and then copies the SMP/E product installation libraries to this domain, this is acceptable.

Review the domain where the SMP/E environment resides and compare it against the domain being reviewed for compliance.

The z/OS Vendor recommends that all products with the capability for installation via IBM’s SMP/E process will be installed and maintained using that process.

c) If the entries contained in the SMP/E CSIs accurately reflect the operating system software environment, there is NO FINDING.

d) If the entries contained in the SMP/E CSIs do not accurately reflect the operating system software environment, this is a FINDING.
Fix Text (F-18440r1_fix)
The systems programmer responsible for supporting changes to the software will ensure that all changes and updates are tracked and maintained using a CMP. Obtain/locate all applicable SMP/E data sets (e.g., CSI, PTS, etc.). Ensure that all entries contained in the SMP/E configuration are matched with the operating system environment. Verify with the Systems programmer that the components of the operating system are controlled through a CMP.
Note: Many systems are created from a base system that is controlled by a change management program. Be sure to note that the system has been maintained based on this process.