Check: ZCA10041
z/OS CA 1 Tape Management for TSS STIG:
ZCA10041
(in versions v6 r9 through v6 r6)
Title
CA 1 Tape Management system password will be changed from the default. (Cat II impact)
Discussion
CA 1 Tape Management default system password is common with all CA 1 systems. With this password, CA 1 tape processing can be deactivated. This could allow for unauthorized access to information stored on tape volumes and the CA 1 Tape Management Catalog (TMC). The result may threaten the integrity and availability of the CA 1 Tape Management System, and compromise the confidentiality of customer data.
Check Content
Refer to the following report produced by the z/OS Data Collection: - CA1RPT(TMSTMVT) – for r11.5 and below - CA1RPT(TMOOPTxx) – for r12.0 and above Automated Analysis Refer to the following report produced by the z/OS Data Collection: - PDI(ZCA10041) For r11.5 and below refer to offset x'18' from the beginning of module TMSTMVT. For r12.0 and above refer to the SHUTDWN option specified in the TMOOPTxx. The TMOOPTxx member is specified in the TMOSYSxx member in the data set allocated by the TMSPARM DD statement in the TMSINIT STC. If the default CA 1 system password is not being utilized, this is not a finding. NOTE: The default system password for CA 1 provided by CA is CA1(TMS). The default system passwords provided by SSO are SSOCA1DF and SSOC@1DF.
Fix Text
The systems programmer/IAO will ensure that the CA 1 system password is changed from the vendor default system password. Verify upon installation that the password is not the same as the default password and user distributed with the original installation default. For r11.5 and below refer to offset x'18' from the beginning of module TMSTMVT. For r12.0 and above refer to the SHUTDWN option specified in the TMOOPTxx. The TMOOPTxx member is specified in the TMOSYSxx member in the data set allocated by the TMSPARM DD statement in the TMSINIT STC. NOTE: The default system password for CA 1 provided by CA is CA1(TMS). The default system passwords provided by SSO are SSOCA1DF and SSOC@1DF.
Additional Identifiers
Rule ID: SV-224636r519514_rule
Vulnerability ID: V-224636
Group Title: SRG-OS-000018
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000035 |
The information system provides the capability for privileged administrators to configure the organization-defined security policy filters to support different security policies. |
Controls
Number | Title |
---|---|
AC-4 (11) |
Configuration Of Security Policy Filters |