Skip to content

I - Mission Critical Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000329-GPOS-00128

    <GroupDescription></GroupDescription>
    Group
  • The CA-ACF2 PSWD GSO record values for MAXTRY and PASSLMT must be properly set.

    &lt;VulnDiscussion&gt;By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise...
    Rule Medium Severity
  • SRG-OS-000063-GPOS-00032

    <GroupDescription></GroupDescription>
    Group
  • IBM z/OS SYS1.PARMLIB must be properly protected.

    &lt;VulnDiscussion&gt;To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-ap...
    Rule High Severity
  • SRG-OS-000364-GPOS-00151

    <GroupDescription></GroupDescription>
    Group
  • CA-ACF2 must be installed, functional, and properly configured.

    &lt;VulnDiscussion&gt;Failure to provide logical access restrictions associated with changes to system configuration may have significant effects o...
    Rule High Severity
  • SRG-OS-000080-GPOS-00048

    <GroupDescription></GroupDescription>
    Group
  • CA-ACF2 must limit Write and allocate access to the JES2 System data sets (e.g., Spool, Checkpoint, and Initialization parameters) to system programmers only.

    &lt;VulnDiscussion&gt;To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-ap...
    Rule Medium Severity
  • SRG-OS-000080-GPOS-00048

    <GroupDescription></GroupDescription>
    Group
  • CA-ACF2 must limit Write or greater access to libraries that contain PPT modules to system programmers only.

    &lt;VulnDiscussion&gt;If the operating system were to allow any user to make changes to software libraries, then those changes might be implemented...
    Rule Low Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The EXITS GSO record value must specify the module names of site written ACF2 exit routines.

    &lt;VulnDiscussion&gt;Configuring the operating system to implement organization-wide security implementation guides and security checklists ensure...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The CA-ACF2 LOGONID with the REFRESH attribute must have procedures for utilization.

    &lt;VulnDiscussion&gt;Configuring the operating system to implement organization-wide security implementation guides and security checklists ensure...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • IBM z/OS TSO GSO record values must be set to the values specified.

    &lt;VulnDiscussion&gt;Configuring the operating system to implement organization-wide security implementation guides and security checklists ensure...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • IBM z/OS procedures must restrict ACF2 LOGONIDs with the READALL attribute to auditors and/or authorized users.

    &lt;VulnDiscussion&gt;The use of security policy filters provides protection for the confidentiality of data by restricting the flow of data. A cru...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • IBM z/OS must have the RULEVLD and RSRCVLD attributes specified for LOGONIDs with the SECURITY attribute.

    &lt;VulnDiscussion&gt;The use of security policy filters provides protection for the confidentiality of data by restricting the flow of data. A cru...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules