IBM z/OS RACF Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
IBM z/OS data sets for the FTP server must be properly protected.
<VulnDiscussion>MVS data sets of the FTP Server provide the configuration and operational characteristics of this product. Failure to properl...
Rule Medium Severity
SRG-OS-000023-GPOS-00006
Group
SRG-OS-000326-GPOS-00126
Group
SRG-OS-000073-GPOS-00041
Group
SRG-OS-000024-GPOS-00007
Group
SRG-OS-000080-GPOS-00048
Group
SRG-OS-000066-GPOS-00034
Group
SRG-OS-000104-GPOS-00051
Group
Certificate Name Filtering must be implemented with appropriate authorization and documentation.
<VulnDiscussion>To assure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to pre...
Rule Medium Severity
SRG-OS-000066-GPOS-00034
Group
Expired digital certificates must not be used.
<VulnDiscussion>The longer and more often a key is used, the more susceptible it is to loss or discovery. This weakens the assurance provided...
Rule Medium Severity
All digital certificates in use must have a valid path to a trusted certification authority (CA).
<VulnDiscussion>The origin of a certificate, or the CA, is crucial in determining if the certificate should be trusted. An approved CA establ...
Rule Medium Severity
SRG-OS-000080-GPOS-00048
Group
IBM RACF must limit Write or greater access to SYS1.NUCLEUS to system programmers only.
<VulnDiscussion>This data set contains a large portion of the system initialization (IPL) programs and pointers to the master and alternate m...
Rule High Severity
SRG-OS-000080-GPOS-00048
Group
IBM RACF must limit Write or greater access to libraries that contain PPT modules to system programmers only.
<VulnDiscussion>Specific PPT designated program modules possess significant security bypass capabilities. Unauthorized access could result in...
Rule Low Severity
SRG-OS-000123-GPOS-00064
Group
IBM RACF emergency USERIDs must be properly defined.
<VulnDiscussion>Emergency accounts are privileged accounts that are established in response to crisis situations where the need for rapid acc...
Rule Medium Severity
SRG-OS-000004-GPOS-00004
Group
IBM RACF SETROPTS LOGOPTIONS must be properly configured.
<VulnDiscussion>Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing ...
Rule Medium Severity