An error occurred:

Check: ZCICT050

zOS TSS STIG: ZCICT050 (in versions v6 r43 through v6 r30)

Title

Control options for the Top Secret CICS facilities must meet minimum requirements. (Cat II impact)

Discussion

TSS CICS facilities define the security controls in effect for CICS regions. Failure to code the appropriate values could result in degraded security. This exposure may result in unauthorized access impacting the confidentiality, integrity, and availability of the CICS region, applications, and customer data.

Check Content

a) Refer to the following report produced by the z/OS Data Collection: - EXAM.RPT(CICSPROC) Refer to the following reports produced by the TSS Data Collection: - TSSCMDS.RPT(FACLIST) - Preferred report containing all control option values in effect including default values - TSSCMDS.RPT(TSSPRMFL) - Alternate report containing only control option values explicitly coded at TSS startup Refer to the CICS Systems Programmer Worksheets filled out from previous vulnerability ZCIC0010. b) Ensure the following items are in effect for each CICS region’s facility: 1) The TSS CICS facility is defined with the control option values specified in the TOP SECRET INITIALIZATION PARAMETERS FOR CICS REGION Table in the z/OS STIG Addendum . Note: An exception to the STIG is MRO CICS regions in production will use SIGN(M) appropriately. 2) XUSER=YES must be coded in each CICS facility. 3) CICS transactions defined in the BYPASS list are not sensitive transactions. c) If the items in (b) are true for all CICS region’s facility, there is NO FINDING. d) If any item in (b) is untrue for a CICS region’s facility, this is a FINDING.

Fix Text

Review the TSS control option values for all CICS facilities. Ensure the following items are in effect for each CICS region’s facility: 1) The TSS CICS facility is defined with the control option values specified in table - "TOP SECRET INITIALIZATION PARAMETERS FOR CICS REGION" , in the zOS STIG Addendum. Note: An exception is MRO CICS regions in production will use SIGN(M) appropriately. 2) XUSER=YES must be coded in each CICS facility. 3) CICS transactions defined in the BYPASS list are not sensitive transactions.

Additional Identifiers

Rule ID: SV-8032r3_rule

Vulnerability ID: V-7555

Group Title: ZCICT050

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000366

Implement the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-6

Configuration Settings