Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-6918 | ZJES0014 | SV-7320r2_rule | Medium |
Description |
---|
JES2 RJE workstations and NJE nodes provide a method of sending and receiving data (e.g., jobs, job output, and commands) from remote locations. Failure to properly identify and control these remote facilities could result in unauthorized sources transmitting data to and from the operating system. This exposure may threaten the integrity and availability of the operating system environment, and compromise the confidentiality of customer data. |
STIG | Date |
---|---|
z/OS TSS STIG | 2017-06-26 |
Check Text ( C-3305r1_chk ) |
---|
Remote Resource Authorizations a) Refer to the following report produced by the OS/390 Data Collection: - PARMLIB(JES2 parameters) Refer to the following report produced by the TSS Data Collection: - TSSCMDS.RPT(WHOOIBMF) b) Review the following resource definitions in the IBMFAC resource class: NJE. RJE. NJE.nodename RJE.workstation NOTE 1: Nodename is the NAME parameter value specified on the NODE statement. Review the JES2 parameters for NJE node definitions by searching for NODE( in the report. NOTE 2: Workstation is RMTnnnn, where nnnn is the number on the RMT statement. Review the JES2 parameters for RJE workstation definitions by searching for RMT( in the report. c) If all JES2 defined NJE nodes and RJE workstations are owned in the IBMFAC class, there is NO FINDING. NOTE: NJE. and RJE. definitions will force logonid and password protection of all NJE and RJE connections respectively. This method is acceptable in lieu of using discrete profiles. d) If any JES2 defined NJE node or RJE workstation is not owned in the IBMFAC class, this is a FINDING. |
Fix Text (F-6627r1_fix) |
---|
Ensure associated USERIDs exist for all RJE/NJE sources and review the authorizations for these remote facilities. Develop a plan of action and implement the changes as required by the OS/390 STIG. |