Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Resources
Documents
Publishers
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
z/OS IBM CICS Transaction Server for TSS Security Technical Implementation Guide
z/OS IBM CICS Transaction Server for TSS Security Technical Implementation Guide
An XCCDF Benchmark
Details
Profiles
Items
Prose
File Metadata
9 rules organized in 9 groups
SRG-OS-000259
1 Rule
CICS system data sets are not properly protected.
Medium Severity
CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Unauthorized access to CICS system data sets (i.e., product, security, and application libraries) could result in the compromise of the confidentiality, integrity, and availability of the CICS region, applications, and customer data.
SRG-OS-000080
1 Rule
Sensitive CICS transactions are not protected in accordance with security requirements.
Medium Severity
Sensitive CICS transactions offer the ability to circumvent transaction level controls for accessing resources under CICS. These transactions must be protected so that only authorized users can access them. Unauthorized use can result in the compromise of the confidentiality, integrity, and availability of the operating system or customer data.
SRG-OS-000480
1 Rule
CICS System Initialization Table (SIT) parameter values must be specified in accordance with proper security requirements.
Medium Severity
The CICS SIT is used to define system operation and configuration parameters of a CICS system. Several of these parameters control the security within a CICS region. Failure to code the appropriate values could result in unexpected operations and degraded security. This exposure may result in unauthorized access impacting the confidentiality, integrity, and availability of the CICS region, applications, and customer data.
SRG-OS-000104
1 Rule
CICS region logonid(s) must be defined and/or controlled in accordance with the security requirements.
Medium Severity
CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Improperly defined or controlled CICS userids (i.e., region, default, and terminal users) may provide an exposure and vulnerability within the CICS environment. This could result in the compromise of the confidentiality, integrity, and availability of the CICS region, applications, and customer data.
SRG-OS-000104
1 Rule
CICS default logonid(s) must be defined and/or controlled in accordance with the security requirements.
Medium Severity
CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Improperly defined or controlled CICS userids (i.e., region, default, and terminal users) may provide an exposure and vulnerability within the CICS environment. This could result in the compromise of the confidentiality, integrity, and availability of the CICS region, applications, and customer data.
SRG-OS-000029
1 Rule
CICS logonid(s) must be configured with proper timeout and signon limits.
Medium Severity
CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Improperly defined or controlled CICS userids (i.e., region, default, and terminal users) may provide an exposure and vulnerability within the CICS environment. This could result in the compromise of the confidentiality, integrity, and availability of the CICS region, applications, and customer data.
SRG-OS-000018
1 Rule
IBM CICS Transaction Server SPI command resources must be properly defined and protected.
Medium Severity
IBM CICS Transaction Server can run with sensitive system privileges, and potentially can circumvent system controls. Failure to properly control access to product resources could result in the compromise of the operating system environment, and compromise the confidentiality of customer data. Many utilities assign resource controls that can be granted to systems programmers only in greater than read authority. Resources are also granted to certain non systems personnel with read only authority.
SRG-OS-000080
1 Rule
CICS userids are not defined and/or controlled in accordance with proper security requirements.
Medium Severity
CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Improperly defined or controlled CICS userids (i.e., region, default, and terminal users) may provide an exposure and vulnerability within the CICS environment. This could result in the compromise of the confidentiality, integrity, and availability of the CICS region, applications, and customer data.
SRG-OS-000480
1 Rule
Control options for the Top Secret CICS facilities must meet minimum requirements.
Medium Severity
TSS CICS facilities define the security controls in effect for CICS regions. Failure to code the appropriate values could result in degraded security. This exposure may result in unauthorized access impacting the confidentiality, integrity, and availability of the CICS region, applications, and customer data.