Mainframe Product Security Requirements Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000181

    Group
  • The Mainframe Product must provide an audit reduction capability that supports on-demand reporting requirements.

    The ability to generate on-demand reports, including after the audit data has been subjected to audit reduction, greatly facilitates the organization's ability to generate incident reports as neede...
    Rule Medium Severity
  • SRG-APP-000206

    Group
  • SRG-APP-000207

    Group
  • SRG-APP-000209

    Group
  • SRG-APP-000210

    Group
  • SRG-APP-000211

    Group
  • SRG-APP-000225

    Group
  • The Mainframe Product must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.

    Failure to a known safe state helps prevent systems from failing to a state that may cause loss of data or unauthorized access to system resources. Applications or systems that fail suddenly and wi...
    Rule Medium Severity
  • SRG-APP-000226

    Group
  • SRG-APP-000231

    Group
  • SRG-APP-000233

    Group
  • The Mainframe Product must isolate security functions from nonsecurity functions.

    An isolation boundary provides access control and protects the integrity of the hardware, software, and firmware that perform security functions. Security functions are the hardware, software, an...
    Rule Medium Severity
  • SRG-APP-000234

    Group
  • SRG-APP-000251

    Group
  • The Mainframe Product must check the validity of all data inputs except those specifically identified by the organization.

    Invalid user input occurs when a user inserts data or characters into an application's data entry fields and the application is unprepared to process that data. This results in unanticipated applic...
    Rule Medium Severity
  • SRG-APP-000266

    Group
  • SRG-APP-000267

    Group
  • The Mainframe Product must reveal full-text detail error messages only to system programmers and/or security administrators.

    Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the application. Additional...
    Rule Medium Severity
  • SRG-APP-000272

    Group
  • The Mainframe Product must update malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy.

    Malicious software detection applications need to be constantly updated in order to identify new threats as they are discovered. All malicious software detection software must come with an update...
    Rule Medium Severity
  • SRG-APP-000275

    Group
  • SRG-APP-000276

    Group
  • The Mainframe Product must update malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management procedures.

    Malicious code includes viruses, worms, Trojan horses, and spyware. Malicious code specific to mainframes may be any code that corrupts system files. The code provides the ability for a malicious u...
    Rule Medium Severity
  • SRG-APP-000277

    Group
  • The Mainframe Product must configure malicious code protection mechanisms to perform periodic scans of the information system every seven days.

    Malicious code protection mechanisms include, but are not limited to, anti-virus and malware detection software. Malicious code protection mechanisms specific to Mainframe Products are designed to ...
    Rule Medium Severity
  • SRG-APP-000290

    Group
  • The Mainframe Product must use cryptographic mechanisms to protect the integrity of audit tools.

    Protecting the integrity of the tools used for auditing purposes is a critical step to ensuring the integrity of audit data. Audit data includes all information (e.g., audit records, audit settings...
    Rule Medium Severity
  • SRG-APP-000291

    Group
  • SRG-APP-000292

    Group
  • SRG-APP-000293

    Group
  • The Mainframe Product must notify system programmers and security administrators for account disabling actions.

    When application accounts are disabled, user accessibility is affected. Accounts are utilized for identifying individual users or for identifying the application processes themselves. Sending notif...
    Rule Medium Severity
  • SRG-APP-000294

    Group
  • SRG-APP-000295

    Group
  • SRG-APP-000296

    Group
  • Mainframe Products requiring user access authentication must provide a logoff capability for a user-initiated communication session.

    If a user cannot explicitly end an application session, the session may remain open and be exploited by an attacker; this is referred to as a zombie session. Information resources to which users g...
    Rule Medium Severity
  • SRG-APP-000297

    Group
  • SRG-APP-000311

    Group
  • SRG-APP-000313

    Group
  • SRG-APP-000317

    Group
  • The Mainframe Product must terminate shared/group account credentials when members leave the group.

    If shared/group account credentials are not terminated when individuals leave the group, the user that left the group can still gain access even though they are no longer authorized. A shared/group...
    Rule Medium Severity
  • SRG-APP-000319

    Group
  • The Mainframe Product must automatically audit account enabling actions.

    Once an attacker establishes access to an application, the attacker often attempts to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to simply ...
    Rule Medium Severity
  • SRG-APP-000320

    Group
  • SRG-APP-000328

    Group
  • The Mainframe Product must enforce organization-defined discretionary access control policies over defined subjects and objects.

    Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which...
    Rule Medium Severity
  • SRG-APP-000340

    Group
  • SRG-APP-000342

    Group
  • The Mainframe Product must prevent software as identified in the site security plan from executing at higher privilege levels than users executing the software.

    In certain situations, software applications/programs need to execute with elevated privileges to perform required functions. However, if the privileges required for execution are at a higher level...
    Rule Medium Severity
  • SRG-APP-000343

    Group
