CA 1 Tape Management exits when in use will be reviewed and/or approved.

From z/OS CA 1 Tape Management for RACF STIG

Part of ZB000060

Associated with IA controls: DCCS-1, DCCS-2, ECSD-2, ECSD-1

SV-40108r1_rule CA 1 Tape Management exits when in use will be reviewed and/or approved.

Vulnerability discussion

CA-1 Tape Management user exits, TMSUXnA and TMSUXnS, provide the capability to bypass or modify existing ACP controls. A review and evaluation of exit code must be performed to ensure that the integrity of the CA-1 processing environment is kept intact. Unauthorized usage of these exits may compromise the confidentiality and integrity of customer data.

Check content

Refer to the following report produced by the z/OS Data Collection:

- CA1RPT(TMSCKLVL)

Determine if CA 1 user exits, TMSUXnA and TMSUXnS (for r11.5 and below) or TMSXITA and TMSXITS (for r12.0 and above) are active.

If neither CA 1 user exit is found, this is not a finding.

If one or both are installed and the following requirements are true, this is not a finding.

___ The usage and function of the exit(s) is fully documented.
___ DISA Field Security Operations reviewed the exit code.
___ The use of the exit(s) is approved by DISA Field Security Operations.
___ All associated documentation is on file with the IAO.

Fix text

Ensure that the site IAM has reviewed, evaluated, and approved the usage of CA 1 user exits, TMSUXnA and TMSUXnS (for r11.5 and below) or TMSXITA and TMSXITS (for r12.0 and above).

If one or both are installed, the following requirements will be followed:

- The usage and function of the exit(s) is fully documented.
- DISA Field Security Operations reviewed the exit code.
- The use of the exit(s) is approved by DISA Field Security Operations.
- All associated documentation is on file with the IAO.
