Skip to content

II - Mission Support Sensitive

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000023-MFP-000033

    <GroupDescription></GroupDescription>
    Group
  • The IBM Security zSecure Suite products must use an external security manager (RACF, ACF2, or TSS) for all account management functions.

    &lt;VulnDiscussion&gt;Enterprise environments make application account management challenging and complex. A manual process for account management ...
    Rule High Severity
  • SRG-APP-000133-MFP-000192

    <GroupDescription></GroupDescription>
    Group
  • Access to zSecure installation data must be properly restricted and logged.

    &lt;VulnDiscussion&gt;If the zSecure application were to allow any user to make changes to software libraries, those changes might be implemented w...
    Rule Medium Severity
  • SRG-APP-000133-MFP-000193

    <GroupDescription></GroupDescription>
    Group
  • Access to IBM Security zSecure STC data sets must be properly restricted and logged.

    &lt;VulnDiscussion&gt;IBM Security zSecure STC have the ability to use privileged functions and/or have access to sensitive data. Failure to proper...
    Rule Medium Severity
  • SRG-APP-000133-MFP-000194

    <GroupDescription></GroupDescription>
    Group
  • IBM Security zSecure access to user data sets must be properly restricted and logged.

    &lt;VulnDiscussion&gt;If zSecure were to allow inappropriate reading or updating of user data sets, sensitive information could be disclosed, or ch...
    Rule Medium Severity
  • SRG-APP-000148-MFP-000206

    <GroupDescription></GroupDescription>
    Group
  • Started tasks for zSecure products must be properly defined.

    &lt;VulnDiscussion&gt;Started tasks and batch job IDs can be automatically revoked accidentally if not properly protected. When properly protected ...
    Rule Medium Severity
  • SRG-APP-000211-MFP-000283

    <GroupDescription></GroupDescription>
    Group
  • Access to IBM Security zSecure program resources must be limited to authorized users.

    &lt;VulnDiscussion&gt;Functional access (which is controlled with access to XFACILIT profiles) must not commingle multiple functions under a single...
    Rule Medium Severity
  • SRG-APP-000340-MFP-000088

    <GroupDescription></GroupDescription>
    Group
  • zSecure must prevent nonprivileged users from executing privileged zSecure functions.

    &lt;VulnDiscussion&gt;Preventing nonprivileged users from executing privileged zSecure functions mitigates the risk that unauthorized individuals o...
    Rule Medium Severity
  • SRG-APP-000342-MFP-000090

    <GroupDescription></GroupDescription>
    Group
  • The zSecure programs CKFCOLL and CKGRACF, and the APF-authorized version of program CKRCARLA, must be restricted to security administrators, security batch jobs performing External Security Manager (ESM) maintenance, auditors, and systems programmers, and audited.

    &lt;VulnDiscussion&gt;Users authorized to use the zSecure program CKFCOLL can collect z/OS system information that is not accessible to regular use...
    Rule Medium Severity
  • SRG-APP-000379-MFP-000186

    <GroupDescription></GroupDescription>
    Group
  • IBM Security zSecure must implement organization-defined automated security responses if baseline zSecure configurations are changed in an unauthorized manner.

    &lt;VulnDiscussion&gt;Unauthorized changes to the zSecure baseline configuration could make the system vulnerable to various attacks or allow unaut...
    Rule Medium Severity
  • SRG-APP-000454-MFP-000343

    <GroupDescription></GroupDescription>
    Group
  • IBM Security zSecure must remove all upgraded/replaced zSecure software components that are no longer required for operation after updated versions have been installed.

    &lt;VulnDiscussion&gt;Previous versions of zSecure products and components that are not removed from the information system after updates have been...
    Rule Medium Severity
  • SRG-APP-000456-MFP-000345

    <GroupDescription></GroupDescription>
    Group
  • IBM Security zSecure system administrators must install security-relevant zSecure software updates within the time period directed by an authoritative source (e.g., IAVMs, CTOs, DTMs, and STIGs).

    &lt;VulnDiscussion&gt;Security flaws with software applications are discovered daily. Vendors are constantly updating and patching their products t...
    Rule Medium Severity
  • SRG-APP-000516-MFP-000195

    <GroupDescription></GroupDescription>
    Group
  • XFACILIT class, or alternate class if specified in module CKRSITE, must be active.

    &lt;VulnDiscussion&gt;The zSecure resource class that is configured for the zSecure access checks must be active to receive valid Allow/Deny respon...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules