UCF STIG Viewer Logo

ROSCOE configuration/parameter values are not specified properly.


Overview

Finding ID Version Rule ID IA Controls Severity
V-18014 ZROST040 SV-23714r1_rule ECCD-1 ECCD-2 Medium
Description
Product configuration/parameters control the security and operational characteristics of products. If these parameter values are improperly specified, security and operational controls may be weakened. This exposure may threaten the availability of the product applications, and compromise the confidentiality of customer data.
STIG Date
z/OS ROSCOE for TSS STIG 2015-01-15

Details

Check Text ( C-3086r1_chk )
a) Have the the product system programmer display the configuration/parameter control statements used in the current running product to define or enable security. This information is located in the SYSIN DD statement in the JCL of the STC/Batch job.

Automated Analysis
Refer to the following report produced by the z/OS Data Collection:

- PDI(ZROS0040)

b) Verify the following specifications:

Keyword Value
EXTSEC TSS
ACFEXT YES
CLLEXT YES
JOBEXT YES
LIBEXT YES
MONEXT YES
PRVEXT YES
RPFEXT YES
UPSEXT YES

c) If (b) above is true, there is NO FINDING.

d) If (b) above is untrue, this is a FINDING
Fix Text (F-22635r1_fix)
The product system programmer will verify that any configuration / parameters that are required to control the security of the product are properly configured and syntactically correct.

See the required parameters below: Example

Keyword Value
EXTSEC TSS
ACFEXT YES
CLLEXT YES
JOBEXT YES
LIBEXT YES
MONEXT YES
PRVEXT YES
RPFEXT YES
UPSEXT YES