z/OS BMC CONTROL-M for RACF STIG Version Comparison

There are 13 differences between versions v6 r10 (Nov. 23, 2022) (the "left" version) and v7 r2 (Oct. 1, 2025) (the "right" version).

Check ZCTM0060 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Title

BMC CONTROL-M security exits are not installed or configured properly.

Check Content

Interview the systems programmer responsible for the BMC CONTROL-M. Determine if the site has modified the following security exit(s): CTMSE01 CTMSE02 CTMSE08 Ensure exit(s): CTMSE01 CTMSE02 CTMSE08 Verify the above security exit(s) has (have) not been modified. If the above security exit(s) has (have) been modified, ensure verify that the security exit(s) has (have) been approved by the site systems programmer and the approval is on file for examination.

Discussion

The BMC CONTROL-M security exits enable access authorization checking to BMC CONTROL-M commands, features, and online functionality. If these exit(s) is (are) not in place, activities by unauthorized users may result. BMC CONTROL-M security exit(s) interface with the ACP. If an unauthorized exit was introduced into the operating environment, system security could be weakened or bypassed. These exposures may result in the compromise of the operating system environment, ACP, and customer data.

Fix

The systems programmer responsible for the BMC CONTROL-M will review the BMC CONTROL-M operating environment. Ensure that the following security exit(s) is (are) installed properly. Determine if the site has modified the following security exit(s): CTMSE01 CTMSE02 CTMSE08 Ensure that the security exit(s) has (have) not been modified. If the security exit(s) has (have) been modified, ensure the security exit(s) has (have) been checked as to not violate any security integrity within the system and approval documentation is on file.