Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-5627 | ITCP0025 | SV-5627r3_rule | DCCS-1 DCCS-2 PEPF-1 | Medium |
Description |
---|
If the hosts identified by NSINTERADDR statement are not properly protected they can be stolen, damaged, or disturbed. Without adequate physical security, unauthorized users can access the host and the hosts' components. Therefore, they can interfere with the normal operations of the host. Improper control of hosts and the hosts' components could compromise network operations. |
STIG | Date |
---|---|
z/OS TSS STIG | 2017-06-26 |
Check Text ( C-3122r2_chk ) |
---|
Refer to the Data configuration file specified on the SYSTCPD DD statement in the TCPIP started task JCL. Gather the following information for any NSINTERADDR statement coded in the TCP/IP Data configuration file: Identify the physical location of the host running a DNS server (i.e., on-site or off-site at organization, city, state). Obtain the description of the physical security controls used to limit access to the area where the host is located. Automated Analysis requires Additional Analysis. Refer to the following report produced by the IBM Communications Server Data Collection: - PDI(ITCP0025) Verify that if the NSINTERADDR statements are not specified in the TCP/IP Data configuration file, this is not applicable. Verify that the NSITERADDR statements specified in the TCP/IP Data configuration file. If the following guidance is true, this is not a finding. ___ The NSINTERADDR statements refer to hosts connected directly to networks within the physical premises of the host site. ___ The NSINTERADDR statements refer to hosts that are located in areas with physical access limited to authorized personnel. |
Fix Text (F-35826r1_fix) |
---|
The IAO will ensure that the hosts and the hosts components identified in the NSINTERADDR statement are protected. The IAO, with assistance from the system programmer, will ensure that any NSINTERADDR statements coded in the TCPIP.DATA file refer to hosts connected directly to networks within the physical premises of the host site and located in areas with physical access limited to authorized personnel. |