Check: RACF-FT-000070
IBM z/OS RACF STIG:
RACF-FT-000070
(in versions v8 r14 through v7 r1)
Title
IBM z/OS FTP.DATA configuration statements for the FTP Server must be specified in accordance with requirements. (Cat II impact)
Discussion
This requirement is intended to cover both traditional interactive logons to information systems and general accesses to information systems that occur in other types of architectural configurations (e.g., service-oriented architectures).
Check Content
Refer to the Data configuration file specified on the SYSFTPD DD statement in the FTP started task JCL. If the UMASK statement is coded with a value of 077, this is not a finding.
Fix Text
Configure the FTP configuration to include the UMASK statement with a value of 077. If the FTP Server requires a UMASK value less restrictive than 077, requirements should be justified and documented with the ISSO.
Additional Identifiers
Rule ID: SV-223739r604139_rule
Vulnerability ID: V-223739
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |