CICS System Initialization Table (SIT) parameter values must be specified in accordance with proper security requirements.
An XCCDF Rule
Description
<VulnDiscussion>The CICS SIT is used to define system operation and configuration parameters of a CICS system. Several of these parameters control the security within a CICS region. Failure to code the appropriate values could result in unexpected operations and degraded security. This exposure may result in unauthorized access impacting the confidentiality, integrity, and availability of the CICS region, applications, and customer data.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-224731r868631_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Ensure that CICS System Initialization Table (SIT) parameter values are specified using the following guidance.
The system initialization parameters are processed in the following order, with later system initialization parameter values overriding those specified earlier. CICS system initialization parameters are specified in the following ways:
In the system initialization table, loaded from a library in the STEPLIB concatenation of the CICS startup procedure.
In the PARM parameter of the EXEC PGM=DFHSIP statement of the CICS startup procedure.