IBM z/OS, for PKI-based authentication, must use the ICSF or ESM for key management.

An XCCDF Rule

Details
Profiles

Description

Without mapping the certificate used to authenticate to the user account, the ability to determine the identity of the individual user or group will not be available for forensic analysis.

ID: SV-223811r998380_rule
Version: RACF-SH-000060
Severity: Medium
References: CCI-000187 CCI-004910
Updated: about 2 months ago

Remediation Templates

Define all Keys/Certificates to ICSF or the security database.

Remove all .kdb and .jks key files.

IBM z/OS, for PKI-based authentication, must use the ICSF or ESM for key management.

Description

Remediation Templates

A Manual Procedure