IBM z/OS TSS STIG Version Comparison

There are 10 differences between versions v8 r13 (April 24, 2024) (the "left" version) and v9 r2 (Oct. 24, 2024) (the "right" version).

Check TSS0-OS-000440 was removed from the benchmark in the "right" version. The text below reflects the old wording.

This check's original form is available here.

Title

IBM z/OS system administrator must develop a procedure to terminate all sessions and network connections related to nonlocal maintenance when nonlocal maintenance is completed.

Check Content

Ask the system administrator for the procedure to terminate all sessions and network connections related to nonlocal maintenance when nonlocal maintenance is completed. If there is no procedure, this is a finding.

Discussion

If a maintenance session or connection remains open after maintenance is completed, it may be hijacked by an attacker and used to compromise or damage the system. Some maintenance and test tools are either standalone devices with their own operating systems or are applications bundled with an operating system. Nonlocal maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network. Local maintenance and diagnostic activities are those activities carried out by individuals physically present at the information system or information system component and not communicating across a network connection.

Fix

Develop a procedure to terminate all sessions and network connections related to nonlocal maintenance when nonlocal maintenance is completed.