From z/OS ACF2 STIG
Part of ZCICA025
Associated with IA controls: DCCS-1, DCCS-2, ECSD-2, ECSD-1
Associated with: CCI-002235
Sensitive CICS transactions offer the ability to circumvent transaction level controls for accessing resources under CICS. These transactions must be protected so that only authorized users can access them. Unauthorized use can result in the compromise of the confidentiality, integrity, and availability of the operating system or customer data.
a) Refer to the following report produced by the z/OS Data Collection: - EXAM.RPT(CICSPROC) Refer to the CICS Systems Programmer Worksheets filled out from previous vulnerability ZCIC0010. b) Browse the ACF2/CICS data set allocated by the ACF2PARM DD statement in the JCL of each CICS procedure. c) If the PROTLIST parameter is not specified for all CICS regions, there is NO FINDING. d) If the PROTLIST parameter is specified for any CICS region, this is a FINDING.
The Systems Programmer and IAO will ensure the ACF2/CICS parameter PROTLIST is not coded. Browse the ACF2/CICS data set allocated by the ACF2PARM DD statement in the JCL of each CICS procedure. Make sure the PROTLIST parameter is not specified for all CICS regions.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer