IBM z/OS TSS Security Technical Implementation Guide

ID Vuln ID Title Cat Status
TSS0-ES-000930 V-223966 CA-TSS Default ACID must be properly defined. Cat II
TSS0-ES-000870 V-223960 CA-TSS must use propagation control to eliminate ACID inheritance. Cat II
TSS0-ES-000980 V-223971 The CA-TSS PTHRESH Control Option must be properly set. Cat II
TSS0-SL-000030 V-224048 The IBM z/OS Syslog daemon must be properly defined and secured. Cat II
TSS0-UT-000040 V-224102 The IBM z/OS UNIX Telnet server Startup parameters must be properly specified. Cat II
TSS0-TN-000020 V-224066 IBM z/OS SMF recording options for the TN3270 Telnet server must be properly specified. Cat II
TSS0-OS-000010 V-223997 Duplicated IBM z/OS sensitive utilities and/or programs must not exist in APF libraries. Cat II
TSS0-TC-000050 V-224060 IBM z/OS Configuration files for the TCP/IP stack must be properly specified. Cat II
TSS0-TC-000040 V-224059 IBM z/OS data sets for the Base TCP/IP component must be properly protected. Cat II
TSS0-ES-000860 V-223959 The CA-TSS SUBACID Control Option must not be set to U,8. Cat II
TSS0-OS-000040 V-224000 The IBM z/OS BPX.SMF resource must be properly configured. Cat II
TSS0-ES-000110 V-223884 IBM z/OS for PKI-based authentication must use the ESM for key management. Cat II
TSS0-OS-000360 V-224032 IBM z/OS must employ a session manager to conceal, via the session lock, information previously visible on the display with a publicly viewable image. Cat II
TSS0-US-000090 V-224082 IBM z/OS UNIX HFS permission bits and audit bits for each directory must be properly protected. Cat II
TSS0-US-000150 V-224088 IBM z/OS UNIX security parameters in etc/profile must be properly specified. Cat II


Display this benchmark in a printer-friendly format for off-line reference. This display does not include any commands.

Version Changes

If there are multiple versions of this benchmark, Xylok can display the differences between any changes in the checks.