
Mainframe Product Security Requirements Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The Mainframe Product must audit the execution of privileged functions.

    Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and...
    Rule Medium Severity
  • The mainframe product must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.

    In order to ensure applications have a sufficient storage capacity in which to write the audit logs, applications need to be able to allocate audit record storage capacity. The task of allocating...
    Rule Medium Severity
  • The Mainframe Product must provide an immediate warning to the system programmer and security administrator (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.

    If security personnel are not notified immediately upon storage volume utilization reaching 75 percent, they are unable to plan for storage capacity expansion.
    Rule Medium Severity
  • The Mainframe Product must provide an audit reduction capability that supports on-demand audit review and analysis.

    The ability to perform on-demand audit review and analysis, including after the audit data has been subjected to audit reduction, greatly facilitates the organization's ability to generate incident...
    Rule Medium Severity
  • The Mainframe Product must provide a report generation capability that supports on-demand audit review and analysis.

    The report generation capability must support on-demand review and analysis in order to facilitate the organization's ability to generate incident reports as needed to better handle larger-scale or...
    Rule Medium Severity
  • The Mainframe Product must provide a report generation capability that supports after-the-fact investigations of security incidents.

    If the report generation capability does not support after-the-fact investigations, it is difficult to establish, correlate, and investigate the events leading up to an outage or attack, or identif...
    Rule Medium Severity
  • The Mainframe Product must provide an audit reduction capability that does not alter original content or time ordering of audit records.

    If the audit reduction capability alters the content or time ordering of audit records, the integrity of the audit records is compromised, and the records are no longer usable for forensic analysis...
    Rule Medium Severity
  • The Mainframe Product must provide a report generation capability that does not alter original content or time ordering of audit records.

    If the audit report generation capability alters the original content or time ordering of audit records, the integrity of the audit records is compromised, and the records are no longer usable for ...
    Rule Medium Severity
  • The Mainframe Product must implement organization-defined automated security responses if baseline configurations are changed in an unauthorized manner.

    Unauthorized changes to the baseline configuration could make the system vulnerable to various attacks or allow unauthorized access to the system. Changes to information system configurations can h...
    Rule Medium Severity
  • The Mainframe Product must audit the enforcement actions used to restrict access associated with changes to the application.

    Without auditing the enforcement of access restrictions against changes to the application configuration, it will be difficult to identify attempted attacks and an audit trail will not be available...
    Rule Medium Severity
  • The Mainframe Product must accept Personal Identity Verification (PIV) credentials.

    The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use of the CAC to support identity management and personal authentication f...
    Rule Medium Severity
  • The Mainframe Product must electronically verify Personal Identity Verification (PIV) credentials.

    The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use of the CAC to support identity management and personal authentication f...
    Rule Medium Severity
  • The Mainframe Product must accept Personal Identity Verification (PIV) credentials from other federal agencies.

    Access may be denied to authorized users if federal agency PIV credentials are not accepted. PIV credentials are those credentials issued by federal agencies that conform to FIPS Publication 201 ...
    Rule Medium Severity
  • The Mainframe Product must electronically verify Personal Identity Verification (PIV) credentials from other federal agencies.

    Inappropriate access may be granted to unauthorized users if federal agency PIV credentials are not electronically verified. PIV credentials are those credentials issued by federal agencies that ...
    Rule Medium Severity
  • The Mainframe Product must accept Federal Identity, Credential, and Access Management (FICAM)-approved third-party credentials.

    Access may be denied to legitimate users if FICAM-approved third-party credentials are not accepted. This requirement typically applies to organizational information systems that are accessible t...
    Rule Medium Severity
  • Mainframe Products must audit nonlocal maintenance and diagnostic sessions audit events as defined in site security plan.

    If events associated with nonlocal administrative access or diagnostic sessions are not logged and audited, a major tool for assessing and investigating attacks would not be available. This requir...
    Rule Medium Severity
  • Mainframe Products must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications.

    Privileged access contains control and configuration information which is particularly sensitive, so additional protections are necessary. This is maintained by using cryptographic mechanisms to pr...
    Rule Medium Severity
  • The Mainframe Product must implement privileged access authorization to all information systems and infrastructure components for selected vulnerability scanning activities as defined in the site security plan.

    In certain situations, the nature of the vulnerability scanning may be more intrusive, or the information system component that is the subject of the scanning may contain highly sensitive informati...
    Rule Medium Severity
  • The Mainframe Product must implement cryptographic mechanisms to prevent unauthorized disclosure of all information not cleared for public release at rest on system components outside of organization facilities.

    Applications handling data requiring "data at rest" protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest. Selection of a ...
    Rule High Severity
  • The Mainframe Product must implement security safeguards to protect its memory from unauthorized code execution.

    Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory incl...
    Rule Medium Severity
