RJE workstations and NJE nodes are not controlled in accordance with STIG requirements.

From z/OS RACF STIG

Part of ZJES0014

Associated with IA controls: DCCS-1, DCCS-2

Associated with: CCI-000213

SV-7318r2_rule RJE workstations and NJE nodes are not controlled in accordance with STIG requirements.

Vulnerability discussion

JES2 RJE workstations and NJE nodes provide a method of sending and receiving data (e.g., jobs, job output, and commands) from remote locations. Failure to properly identify and control these remote facilities could result in unauthorized sources transmitting data to and from the operating system. This exposure may threaten the integrity and availability of the operating system environment, and compromise the confidentiality of customer data.

Check content

a) Refer to the following report produced by the OS/390 Data Collection: - PARMLIB(JES2 parameters) Refer to the following report produced by the RACF Data Collection: - SENSITVE.RPT(FACILITY) b) Review the following resource definitions in the FACILITY resource class: NJE.* RJE.* NJE.nodename RJE.workstation NOTE 1: Nodename is the NAME parameter value specified on the NODE statement. Review the JES2 parameters for NJE node definitions by searching for NODE( in the report. NOTE 2: Workstation is RMTnnnn, where nnnn is the number on the RMT statement. Review the JES2 parameters for RJE workstation definitions by searching for RMT( in the report. c) If all JES2 defined NJE nodes and RJE workstations have a profile defined in the FACILITY resource class, there is NO FINDING. NOTE: NJE.* and RJE.* profiles will force userid and password protection of all NJE and RJE connections respectively. This method is acceptable in lieu of using discrete profiles. d) If any JES2 defined NJE node or RJE workstation does not have a profile defined in the FACILITY resource class, this is a FINDING.

Fix text

Ensure associated USERIDs exist for all RJE/NJE sources and review the authorizations for these remote facilities. Develop a plan of action and implement the changes as required by the OS/390 STIG.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer