The IBM z/OS Policy Agent must employ a deny-all, allow-by-exception firewall policy for allowing connections to other systems.

An XCCDF Rule

Details
Profiles

Description

Failure to restrict network connectivity only to authorized systems permits inbound connections from malicious systems. It also permits outbound connections that may facilitate exfiltration of DoD data.

ID: SV-223780r991593_rule
Version: RACF-OS-000240
Severity: Medium
References: CCI-000366 CCI-002080
Updated: about 2 months ago

Remediation Templates

Develop a policy application and policy agent to employ a deny-all, allow-by-exception firewall policy for allowing connections to other systems.

The IBM z/OS Policy Agent must employ a deny-all, allow-by-exception firewall policy for allowing connections to other systems.

Description

Remediation Templates

A Manual Procedure