Mainframe Product Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000112
Group -
SRG-APP-000115
Group -
The Mainframe Products must provide the capability to filter audit records for events of interest as defined in site security plan.
The ability to specify the event criteria that are of interest provides the persons reviewing the logs with the ability to quickly isolate and identify these events without having to review entries...Rule Medium Severity -
SRG-APP-000116
Group -
The Mainframe Products must use internal system clocks to generate time stamps for audit records.
Without an internal clock used as the reference for the time stored on each event to provide a trusted common reference for the time, forensic analysis would be impeded. Determining the correct tim...Rule Medium Severity -
SRG-APP-000118
Group -
SRG-APP-000119
Group -
SRG-APP-000120
Group -
The Mainframe Product must protect audit information from unauthorized deletion.
If audit data were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve. To ensure the veracity of audi...Rule Medium Severity -
SRG-APP-000121
Group -
SRG-APP-000122
Group -
The Mainframe Product must protect audit tools from unauthorized modification.
Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on au...Rule Medium Severity -
SRG-APP-000123
Group -
SRG-APP-000131
Group -
SRG-APP-000133
Group -
SRG-APP-000133
Group -
The Mainframe Product must limit privileges to change Mainframe Product started task and job datasets to system programmers and authorized users in accordance with applicable access control policies.
If the application were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a ...Rule Medium Severity -
SRG-APP-000133
Group -
SRG-APP-000141
Group -
SRG-APP-000148
Group -
SRG-APP-000149
Group -
The Mainframe Product must use multifactor authentication for network access to privileged accounts.
Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires using two or more factors to achieve authentica...Rule Medium Severity -
SRG-APP-000150
Group -
SRG-APP-000151
Group -
SRG-APP-000152
Group -
SRG-APP-000153
Group -
The Mainframe Product must verify users are authenticated with an individual authenticator prior to using a group authenticator.
To ensure individual accountability and prevent unauthorized access, application users must be individually identified and authenticated. Individual accountability mandates that each user is uniq...Rule Medium Severity -
SRG-APP-000164
Group -
SRG-APP-000166
Group -
The Mainframe Product must enforce password complexity by requiring that at least one uppercase character be used.
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...Rule Medium Severity -
SRG-APP-000167
Group -
SRG-APP-000168
Group -
The Mainframe Product must enforce password complexity by requiring that at least one numeric character be used.
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...Rule Medium Severity -
SRG-APP-000169
Group -
SRG-APP-000170
Group -
The Mainframe Product must require the change of at least eight of the total number of characters when passwords are changed.
If the application allows the user to consecutively reuse extensive portions of passwords, this increases the chances of password compromise by increasing the window of opportunity for attempts at ...Rule Medium Severity -
SRG-APP-000171
Group -
The Mainframe Product must store only cryptographically protected passwords.
Passwords need to be protected at all times and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily co...Rule Medium Severity -
SRG-APP-000172
Group -
SRG-APP-000173
Group -
SRG-APP-000174
Group -
SRG-APP-000175
Group -
SRG-APP-000176
Group -
The Mainframe Product, when using PKI-based authentication, must enforce authorized access to the corresponding private key.
If the private key is discovered, an attacker can use the key to authenticate as an authorized user and gain access to the network infrastructure. The cornerstone of the PKI is the private key use...Rule Medium Severity -
SRG-APP-000177
Group -
The Mainframe Product must map the authenticated identity to the individual user or group account for PKI-based authentication.
Without mapping the certificate used to authenticate to the user account, the ability to determine the identity of the individual user or group will not be available for forensic analysis.Rule Medium Severity -
SRG-APP-000178
Group -
SRG-APP-000179
Group -
SRG-APP-000180
Group -
The Mainframe Product must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).
Lack of authentication and identification enables non-organizational users to gain access to the application or possibly other information systems and provides an opportunity for intruders to compr...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.