Check: ZFEP0013
zOS RACF STIG:
ZFEP0013
(in versions v6 r43 through v6 r30)
Title
A documented procedure is not available instructing how to load and dump the FEP NCP (Network Control Program). (Cat II impact)
Discussion
If components of the FEPs are not properly protected they can be stolen, damaged, or disturbed. Without adequate physical security, unauthorized users can access the control panel, the operator console, and the diskette drive of the service subsystem. Therefore, they can interfere with the normal operations of the FEPs. Improper control of FEP components could compromise network operations.
Check Content
a) Review site documentation to validate that procedures are in place to protect the FEP service subsystem and diskette drive: - Documents and procedures regarding the NCP load and dump processes. b) If a procedure is in place relative to the NCP load and dump processes, there is NO FINDING. c) If no procedure is in place relative to the NCP load and dump processes, this is a FINDING.
Fix Text
If documented procedures for loading and dumping the FEP NCP (Network Control Program) are not available. Create a procedure document for dumping and loading the FEP and make sure that they are available to the IAO and to authorized personnel responsible to perform these functions.
Additional Identifiers
Rule ID: SV-7197r2_rule
Vulnerability ID: V-6902
Group Title: ZFEP0013
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000504 |
The organization includes a full recovery and reconstitution of the information system to a known state as part of contingency plan testing. |
Controls
Number | Title |
---|---|
CP-4 (4) |
Full Recovery / Reconstitution |