Skip to content

IBM z/OS FTP.DATA configuration statements for the FTP Server must be specified in accordance with requirements.

An XCCDF Rule

Description

<VulnDiscussion>This requirement is intended to cover both traditional interactive logons to information systems and general accesses to information systems that occur in other types of architectural configurations (e.g., service-oriented architectures).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-255895r877345_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Configure the FTP configuration to include the UMASK statement with a value of "077". 

If the FTP Server requires a UMASK value less restrictive than "077", requirements should be justified and documented with the ISSO.