No profile (default benchmark)
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000080-GPOS-00048
Group -
The IBM RACF FACILITY resource class must be active.
IBM Provides the FACILITY Class for use in protecting a variety of features/functions/products both IBM and third-party. The FACILITY Class is not dedicated to any one specific use and is intended ...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
The IBM RACF OPERCMDS resource class must be active.
To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD systems (e.g., web servers and web portals) must be...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
The IBM RACF MCS consoles resource class must be active.
To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD systems (e.g., web servers and web portals) must be...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
IBM RACF CLASSACT SETROPTS must be specified for the TEMPDSN class.
To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD systems (e.g., web servers and web portals) must be...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
IBM RACF started tasks defined with the trusted attribute must be justified.
Trusted Started tasks bypass RACF checking. It is vital that this attribute is NOT granted to unauthorized Started Tasks which could then obtain unauthorized access to the system. This could result...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
IBM RACF USERIDs possessing the Tape Bypass Label Processing (BLP) privilege must be justified.
To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD systems (e.g., web servers and web portals) must be...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
IBM RACF DASD volume-level protection must be properly defined.
To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD systems (e.g., web servers and web portals) must be...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
IBM Sensitive Utility Controls must be properly defined and protected.
To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD systems (e.g., web servers and web portals) must be...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
IBM RACF Global Access Checking must be restricted to appropriate classes and resources.
To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD systems (e.g., web servers and web portals) must be...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
IBM RACF access to the System Master Catalog must be properly protected.
To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD systems (e.g., web servers and web portals) must be...Rule High Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.