z/OS IBM CICS Transaction Server for TSS Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000080
<GroupDescription></GroupDescription>Group -
Sensitive CICS transactions are not protected in accordance with security requirements.
<VulnDiscussion>Sensitive CICS transactions offer the ability to circumvent transaction level controls for accessing resources under CICS. T...Rule Medium Severity -
SRG-OS-000480
<GroupDescription></GroupDescription>Group -
CICS System Initialization Table (SIT) parameter values must be specified in accordance with proper security requirements.
<VulnDiscussion>The CICS SIT is used to define system operation and configuration parameters of a CICS system. Several of these parameters co...Rule Medium Severity -
SRG-OS-000104
<GroupDescription></GroupDescription>Group -
CICS region logonid(s) must be defined and/or controlled in accordance with the security requirements.
<VulnDiscussion>CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. I...Rule Medium Severity -
SRG-OS-000104
<GroupDescription></GroupDescription>Group -
CICS default logonid(s) must be defined and/or controlled in accordance with the security requirements.
<VulnDiscussion>CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. I...Rule Medium Severity -
SRG-OS-000029
<GroupDescription></GroupDescription>Group -
CICS logonid(s) must be configured with proper timeout and signon limits.
<VulnDiscussion>CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. I...Rule Medium Severity -
SRG-OS-000018
<GroupDescription></GroupDescription>Group -
IBM CICS Transaction Server SPI command resources must be properly defined and protected.
<VulnDiscussion>IBM CICS Transaction Server can run with sensitive system privileges, and potentially can circumvent system controls. Failur...Rule Medium Severity -
SRG-OS-000080
<GroupDescription></GroupDescription>Group -
CICS userids are not defined and/or controlled in accordance with proper security requirements.
<VulnDiscussion>CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. I...Rule Medium Severity -
SRG-OS-000480
<GroupDescription></GroupDescription>Group -
Control options for the Top Secret CICS facilities must meet minimum requirements.
<VulnDiscussion>TSS CICS facilities define the security controls in effect for CICS regions. Failure to code the appropriate values could res...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.