IBM z/OS TSS Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
SRG-OS-000080-GPOS-00048
Group -
SRG-OS-000080-GPOS-00048
Group -
SRG-OS-000080-GPOS-00048
Group -
CA-TSS must limit access to SYSTEM DUMP data sets to system programmers only.
System DUMP data sets are used to record system data areas and virtual storage associated with system task failures. Unauthorized access could result in the compromise of the operating system envir...
Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
SRG-OS-000080-GPOS-00048
Group -
CA-TSS must limit access to SYS(x).TRACE to system programmers only.
To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD systems (e.g., web servers and web portals) must be...
Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
CA-TSS must limit access to System page data sets (i.e., PLPA, COMMON, and LOCALx) to system programmers only.
To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD systems (e.g., web servers and web portals) must be...
Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
SRG-OS-000324-GPOS-00125
Group -
CA-TSS must limit all system PROCLIB data sets to system programmers only and appropriate authorized users.
To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD systems (e.g., web servers and web portals) must be...
Rule High Severity -
SRG-OS-000080-GPOS-00048
Group -
SRG-OS-000080-GPOS-00048
Group -
IBM z/OS must protect dynamic lists in accordance with proper security requirements.
To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD systems (e.g., web servers and web portals) must be...
Rule High Severity -
SRG-OS-000080-GPOS-00048
Group -
SRG-OS-000080-GPOS-00048
Group -
IBM z/OS MCS consoles access authorization(s) for CONSOLE resource(s) must be properly protected.
To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD systems (e.g., web servers and web portals) must be...
Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
CA-TSS must properly define users that have access to the CONSOLE resource in the TSOAUTH resource class.
To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD systems (e.g., web servers and web portals) must be...
Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
IBM z/OS Operating system commands (MVS.) of the OPERCMDS resource class must be properly owned.
To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD systems (e.g., web servers and web portals) must be...
Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
SRG-OS-000080-GPOS-00048
Group -
Access to the CA-TSS MODE resource class must be appropriate.
To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD systems (e.g., web servers and web portals) must be...
Rule High Severity -
SRG-OS-000080-GPOS-00048
Group -
SRG-OS-000080-GPOS-00048
Group -
SRG-OS-000080-GPOS-00048
Group -
CA-TSS ACIDs must not have access to FAC(*ALL*).
To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD systems (e.g., web servers and web portals) must be...
Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
SRG-OS-000080-GPOS-00048
Group -
SRG-OS-000080-GPOS-00048
Group -
IBM z/OS DASD Volume access greater than CREATE found in the CA-TSS database must be limited to authorized information technology personnel requiring access to perform their job duties.
To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD systems (e.g., web servers and web portals) must be...
Rule High Severity -
SRG-OS-000080-GPOS-00048
Group -
SRG-OS-000480-GPOS-00229
Group -
SRG-OS-000480-GPOS-00227
Group -
The CA-TSS CANCEL Control Option must not be specified.
Configuring the operating system to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security ba...
Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
The CA-TSS HPBPW Control Option must be set to three days maximum.
Configuring the operating system to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security ba...
Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
The CA-TSS INSTDATA Control Option must be set to 0.
Configuring the operating system to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security ba...
Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
The CA-TSS OPTIONS Control Option must include option 4 at a minimum.
Configuring the operating system to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security ba...
Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
SRG-OS-000480-GPOS-00227
Group -
SRG-OS-000480-GPOS-00227
Group -
The number of CA-TSS ACIDs with MISC9 authority must be justified.
Configuration settings are the set of parameters that can be changed in hardware, software, or firmware components of the system that affect the security posture and/or functionality of the system....
Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
SRG-OS-000480-GPOS-00227
Group -
The CA-TSS Automatic Data Set Protection (ADSP) Control Option must be set to NO.
Configuring the operating system to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security ba...
Rule Medium Severity