z/OS IBM CICS Transaction Server for ACF2 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000259
Group -
CICS system data sets are not properly protected.
CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Unauthorized access to CICS system data sets (i.e., product, security, an...Rule Medium Severity -
SRG-OS-000080
Group -
Sensitive CICS transactions are not protected in accordance with security requirements.
Sensitive CICS transactions offer the ability to circumvent transaction level controls for accessing resources under CICS. These transactions must be protected so that only authorized users can acc...Rule Medium Severity -
SRG-OS-000480
Group -
SRG-OS-000104
Group -
CICS region logonid(s) must be defined and/or controlled in accordance with the security requirements.
CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Improperly defined or controlled CICS userids (i.e., region, default, and...Rule Medium Severity -
SRG-OS-000104
Group -
CICS default logonid(s) must be defined and/or controlled in accordance with the security requirements.
CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Improperly defined or controlled CICS userids (i.e., region, default, and...Rule Medium Severity -
SRG-OS-000029
Group -
CICS logonid(s) must be configured with proper timeout and signon limits.
CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Improperly defined or controlled CICS userids (i.e., region, default, and...Rule Medium Severity -
SRG-OS-000259
Group -
ACF2/CICS parameter data sets are not protected in accordance with the proper security requirements.
CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Unauthorized access to ACF2/CICS parameter data sets (i.e., product, secu...Rule Medium Severity -
SRG-OS-000018
Group -
SRG-OS-000480
Group -
SRG-OS-000480
Group -
Key ACF2/CICS parameters must be properly coded.
The ACF2/CICS parameters define the security controls in effect for CICS regions. Failure to code the appropriate values could result in degraded security. This exposure may result in unauthorized ...Rule Medium Severity -
SRG-OS-000480
Group -
Sensitive CICS transactions are not protected in accordance with the proper security requirements.
Sensitive CICS transactions offer the ability to circumvent transaction level controls for accessing resources under CICS. These transactions must be protected so that only authorized users can ac...Rule Medium Severity -
SRG-OS-000324
Group -
Sensitive CICS transactions are not protected in accordance with the proper security requirements.
Sensitive CICS transactions offer the ability to circumvent transaction level controls for accessing resources under CICS. These transactions must be protected so that only authorized users can ac...Rule Medium Severity -
CICS System Initialization Table (SIT) parameter values must be specified in accordance with proper security requirements.
The CICS SIT is used to define system operation and configuration parameters of a CICS system. Several of these parameters control the security within a CICS region. Failure to code the appropriate...Rule Medium Severity -
IBM CICS Transaction Server SPI command resources must be properly defined and protected.
IBM CICS Transaction Server can run with sensitive system privileges, and potentially can circumvent system controls. Failure to properly control access to product resources could result in the com...Rule Medium Severity -
CICS startup JCL statement is not specified in accordance with the proper security requirements.
The CICS SIT is used to define system operation and configuration parameters of a CICS system. Several of these parameters control the security within a CICS region. Failure to code the appropria...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.