Check: TSS0380
zOS TSS STIG:
TSS0380
(in versions v6 r43 through v6 r30)
Title
The EXIT Control Option is not set to (ON) for DISA sites. (Cat II impact)
Discussion
The EXIT Control Option activates and deactivates the installation exit. For non DISA sites this value is site defined. DISA sites use NCPASS. The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system-environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during migration process or contingency plan activation.
Check Content
NOTE: For non DISA sites EXIT is site defined. DISA sites use NCPASS TOKENs requiring an installation EXIT. a) Refer to the following report produced by the TSS Data Collection: - TSSCMDS.RPT(STATUS) Automated Analysis Refer to the following report produced by the TSS Data Collection: - PDI(TSS0380) b) If the EXIT Control Option is set to EXIT(ON), there is NO FINDING. c) If the EXIT Control Option is NOT set to EXIT(ON), this is a FINDING.
Fix Text
For DISA sites and sites requiring an installation exit, set the EXIT control option to: EXIT(ON)
Additional Identifiers
Rule ID: SV-197r2_rule
Vulnerability ID: V-197
Group Title: TSS0380
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000764 |
Uniquely identify and authenticate organizational users and associate that unique identification with processes acting on behalf of those users. |
| CCI-000765 |
Implement multifactor authentication for access to privileged accounts. |