Sensitive CICS transactions are not protected in accordance with the proper security requirements.
An XCCDF Rule
Description
<VulnDiscussion>Sensitive CICS transactions offer the ability to circumvent transaction level controls for accessing resources under CICS. These transactions must be protected so that only authorized users can access them. Unauthorized use can result in the compromise of the confidentiality, integrity, and availability of the operating system or customer data.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-224313r855160_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
The Systems Programmer and IAO will ensure the ACF2/CICS parameter PROTLIST is not coded.
Browse the ACF2/CICS data set allocated by the ACF2PARM DD statement in the JCL of each CICS procedure.
Make sure the PROTLIST parameter is not specified for all CICS regions.