ROSCOE configuration/parameter values are not specified properly.

From z/OS ROSCOE for ACF2 STIG

Part of ZB000040

Associated with IA controls: ECCD-2, ECCD-1

SV-21878r1_rule ROSCOE configuration/parameter values are not specified properly.

Vulnerability discussion

Product configuration/parameters control the security and operational characteristics of products. If these parameter values are improperly specified, security and operational controls may be weakened. This exposure may threaten the availability of the product applications, and compromise the confidentiality of customer data.

Check content

a) Have the the products system programmer display the configuration/parameters control ststements used in the current runing product to define or enable security. This information is located in the SYSIN DD statement in the JCL of the STC/Batch job. Automated Analysis Refer to the following report produced by the z/OS Data Collection: - PDI(ZROS0040) b) Verify the following specifications: Keyword Value EXTSEC ACF2 ACFEXT YES CLLEXT YES JOBEXT YES LIBEXT YES MONEXT YES PRVEXT YES RPFEXT YES UPSEXT YES c) If (b) above is true, there is NO FINDING. d) If (b) above is untrue, this is a FINDING

Fix text

The product systems programmer will verify that any configuration / parameters that are required to control the security of the product are properly configured and syntactically correct. See the required parameters below: Example Keyword Value EXTSEC ACF2 ACFEXT YES CLLEXT YES JOBEXT YES LIBEXT YES MONEXT YES PRVEXT YES RPFEXT YES UPSEXT YES

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer