Key ACF2/CICS parameters must be properly coded.
An XCCDF Rule
Description
<VulnDiscussion>The ACF2/CICS parameters define the security controls in effect for CICS regions. Failure to code the appropriate values could result in degraded security. This exposure may result in unauthorized access impacting the confidentiality, integrity, and availability of the CICS region, applications, and customer data.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-224311r868106_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Ensure the ACF2/CICS parameters are coded with values specified in the table entitled ACF2/CICS Parameters, in the zOS STIG Addendum.
Browse the ACF2/CICS data set allocated by the ACF2PARM DD statement in the JCL of each CICS procedure.
Ensure that all key ACF2/CICS parameters for every CICS region are coded as stated in the table entitled ACF2/CICS Parameters, in the zOS STIG Addendum.