Check: RACF-FT-000065
IBM z/OS RACF STIG: RACF-FT-000065
(in versions v9 r5 through v9 r4)
Title
IBM z/OS FTP Control cards must be properly stored in a secure PDS file. (Cat II impact)
Discussion
Configuring the operating system to implement organizationwide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DOD that reflects the most restrictive security posture consistent with operational requirements.
Check Content
Provide a list(s) of the locations for all FTP control cards within a given application/AIS, ensuring no FTP control cards are within in-stream JCL, JCL libraries, or any open access data sets. The list(s) must indicate which application uses the PDS and the access requirements for those PDSs (who and what level of access). Lists/spreadsheets used to document that this requirement is met must be maintained by the responsible Application/AIS Team, be available upon request, and not be maintained by the Mainframe ISSO.

Obtain the list/spreadsheet from the Application/AIS Team.

Access to FTP scripts and/or data files located on host system(s) that contain an FTP userid and/or password will be restricted to those individuals responsible for the application connectivity and who have a legitimate requirement to know the userid and password on a remote system.

If FTP control cards are within in-stream JCL, within JCL libraries, or within open access libraries/data sets, this is a finding.

If anyone not listed by userid within the spreadsheet has access of Read or greater to the FTP control cards, this is a finding.
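The comparison this check asks for can be scripted once both sides are in tabular form. The following is an added example, not part of the STIG: the CSV column names, data set names and userids are constructed, the "actual" rows are assumed to be transcribed from the RACF data set profiles, and treating a UACC of READ or greater as "open access" is an assumption.

```python
import csv
import io

# RACF access authorities in ascending order; the check counts READ or greater.
LEVELS = ["NONE", "EXECUTE", "READ", "UPDATE", "CONTROL", "ALTER"]
READ = LEVELS.index("READ")

# Constructed sample of the Application/AIS Team's list (column names assumed).
AUTHORIZED_CSV = """dataset,application,userid,access
APPA.FTP.CNTL,APPA,FTPADM1,UPDATE
APPA.FTP.CNTL,APPA,APPAJOB,READ
APPB.FTP.CNTL,APPB,APPBJOB,READ
"""

# Constructed sample of access actually granted, one row per access-list entry,
# with the profile's UACC repeated on each row (layout assumed).
ACTUAL_CSV = """dataset,uacc,id,access
APPA.FTP.CNTL,NONE,FTPADM1,UPDATE
APPA.FTP.CNTL,NONE,APPAJOB,READ
APPA.FTP.CNTL,NONE,DEVUSR7,READ
APPA.FTP.CNTL,NONE,OPER01,EXECUTE
APPB.FTP.CNTL,READ,APPBJOB,READ
"""


def findings(authorized_csv=AUTHORIZED_CSV, actual_csv=ACTUAL_CSV):
    """Return (dataset, id, reason) tuples for entries the check calls a finding."""
    allowed = {(row["dataset"], row["userid"])
               for row in csv.DictReader(io.StringIO(authorized_csv))}
    results, uacc_checked = [], set()
    for row in csv.DictReader(io.StringIO(actual_csv)):
        ds = row["dataset"]
        # Report an open-access UACC once per data set.
        if ds not in uacc_checked:
            uacc_checked.add(ds)
            if LEVELS.index(row["uacc"]) >= READ:
                results.append((ds, "*", "UACC " + row["uacc"]))
        # READ or greater held by an id that is not on the team's list.
        if LEVELS.index(row["access"]) >= READ and (ds, row["id"]) not in allowed:
            results.append((ds, row["id"], "unlisted " + row["access"]))
    return results


if __name__ == "__main__":
    for finding in findings():
        print(finding)
```

Access-list entries that are RACF groups rather than userids need to be expanded to their members before the comparison, since the check is stated per userid.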
Fix Text
Create a list or spreadsheet of the locations where FTP control cards are stored, who should have access to those libraries, and which applications use the FTP control cards. Add columns for users permitted access to the secured PDS. Make sure the FTP control cards for each FTP are stored in a secure PDS and that they are not placed in the JCL libraries or in the in-stream JCL for each FTP.
Additional Identifiers
Rule ID: SV-272875r1082845_rule
Vulnerability ID: V-272875
Group Title: SRG-OS-000480-GPOS-00227
CCIs

| Number | Definition |
|---|---|
| CCI-000366 | Implement the security configuration settings. |

Controls

| Number | Title |
|---|---|
| CM-6 | Configuration Settings |