Title

Transparent Data Migration Facility (TDMF) configuration/parameter/option values are not specified properly. (Cat II impact)

Discussion

Transparent Data Migration Facility (TDMF) configuration/parameter/option settings control the security and operational characteristics of product. If these setting values are improperly specified, security and operational controls may be weakened. This exposure may threaten the availability of the product applications, and compromise the confidentiality of system and customer data.

Check Content

a) Have the the products system programmer display the configuration/parameters control statements used in the current runing product to define or enable security. b) Verify the following specifications: Parameter Options: VOLUME SECURITY = YES CHECK TARGET EMPTY = YES Session Options: Volume Security is not available. CHECKTarget|CHKTarget c) If (b) above is true, there is NO FINDING. d) If (b) above is untrue, this is a FINDING

Fix Text

The product systems programmer will verify that any configuration / parameters that are required to control the security of the product are properly configured and syntactically correct. See the required parameters below: Parameter Options: VOLUME SECURITY = YES CHECK TARGET EMPTY = YES Session Options: Volume Security is not available. CHECKTarget|CHKTarget NOTE: The IAO will ensure that volume resource protection is define to the ACP and access to volumes be given to the approiate personnel.

Additional Identifiers

Rule ID: SV-24802r1_rule

Vulnerability ID: V-18014

Group Title: ZB000040

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.