z/OS CA-1 Tape Management for ACF2 STIG Version Comparison
z/OS CA-1 Tape Management for ACF2 Security Technical Implementation Guide
Comparison
There are 3 differences between versions v6 r8 (Oct. 25, 2019) (the "left" version) and v6 r10 (Nov. 23, 2022) (the "right" version).
Check ZCA10041 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.
The regular view of the left check and right check may be easier to read.
Text Differences
Title
CA 1 Tape Management system password will be changed from the default.
Check Content
Refer to the following report produced by the z/OS Data Collection: - CA1RPT(TMSTMVT) – Collection: - CA1RPT(TMSTMVT) - for r11.5 and below - below - CA1RPT(TMOOPTxx) CA1RPT(TMOOPTxx) – - for r12.0 and above Automated Analysis Refer to the following report produced by the z/OS Data Collection: - PDI(ZCA10041) For Collection: - PDI(ZCA10041) For r11.5 and below refer to offset x'18' from the beginning of module TMSTMVT. For r12.0 and above refer to the SHUTDWN option specified in the TMOOPTxx. The TMOOPTxx member is specified in the TMOSYSxx member in the data set allocated by the TMSPARM DD statement in the TMSINIT STC. If the default CA 1 system password is not being utilized, this is not a finding. NOTE: The finding. NOTE: The default system password for CA 1 provided by CA is CA1(TMS). The default system passwords provided by SSO are SSOCA1DF and SSOC@1DF.
Discussion
CA 1 Tape Management default system password is common with all CA 1 systems. With this password, CA 1 tape processing can be deactivated. This could allow for unauthorized access to information stored on tape volumes and the CA 1 Tape Management Catalog (TMC). The result may threaten the integrity and availability of the CA 1 Tape Management System, and compromise the confidentiality of customer data.
Fix
The systems programmer/IAO programmer/ISSO will ensure that the CA 1 system password is changed from the vendor default system password. Verify upon installation that the password is not the same as the default password and user distributed with the original installation default. For r11.5 and below refer to offset x'18' from the beginning of module TMSTMVT. For r12.0 and above refer to the SHUTDWN option specified in the TMOOPTxx. The TMOOPTxx member is specified in the TMOSYSxx member in the data set allocated by the TMSPARM DD statement in the TMSINIT STC. NOTE: The default system password for CA 1 provided by CA is CA1(TMS). The default system passwords provided by SSO are SSOCA1DF and SSOC@1DF.