I - Mission Critical Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000185-GPOS-00079
<GroupDescription></GroupDescription>Group -
ACF2 RESVOLS GSO record value must be set to Volmask(-). Any other setting requires documentation justifying the change.
<VulnDiscussion>The RESVOLS record defines DASD and mass storage volumes for which CA ACF2 is to provide protection at the data set name leve...Rule Medium Severity -
SRG-OS-000134-GPOS-00068
<GroupDescription></GroupDescription>Group -
ACF2 security data sets and/or databases must be properly protected.
<VulnDiscussion>An isolation boundary provides access control and protects the integrity of the hardware, software, and firmware that perform...Rule High Severity -
SRG-OS-000138-GPOS-00069
<GroupDescription></GroupDescription>Group -
ACF2 AUTOERAS GSO record value must be set to indicate that ACF2 is controlling the automatic physical erasure of VSAM or non VSAM data sets.
<VulnDiscussion>Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of infor...Rule Medium Severity -
SRG-OS-000032-GPOS-00013
<GroupDescription></GroupDescription>Group -
IBM z/OS SMF recording options for the FTP Server must be configured to write SMF records for all eligible events.
<VulnDiscussion>Without establishing when events occurred, it is impossible to establish, correlate, and investigate the events leading up to...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
<GroupDescription></GroupDescription>Group -
IBM z/OS data sets for the FTP Server must be properly protected.
<VulnDiscussion>To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-ap...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
<GroupDescription></GroupDescription>Group -
IBM z/OS permission bits and user audit bits for HFS objects that are part of the FTP Server component must be properly configured.
<VulnDiscussion>MVS data sets of the FTP Server provide the configuration and operational characteristics of this product. Failure to properl...Rule Medium Severity -
SRG-OS-000023-GPOS-00006
<GroupDescription></GroupDescription>Group -
IBM z/OS FTP.DATA configuration statements must have a proper BANNER statement with the Standard Mandatory DoD Notice and Consent Banner.
<VulnDiscussion>Display of a standardized and approved use notification before granting access to the operating system ensures privacy and se...Rule Medium Severity -
SRG-OS-000228-GPOS-00088
<GroupDescription></GroupDescription>Group -
IBM z/OS FTP.DATA configuration statements for the FTP Server must specify the BANNER statement.
<VulnDiscussion>The structure and content of error messages must be carefully considered by the organization and development team. The extent...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
IBM z/OS FTP Control cards must be properly stored in a secure PDS file.
<VulnDiscussion>Configuring the operating system to implement organization-wide security implementation guides and security checklists ensure...Rule Medium Severity -
SRG-OS-000368-GPOS-00154
<GroupDescription></GroupDescription>Group -
The IBM z/OS TFTP Server program must be properly protected.
<VulnDiscussion>Control of program execution is a mechanism used to prevent execution of unauthorized programs. Some operating systems may pr...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.