STIGQter: STIG Summary: IBM z/OS TSS Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

The CA-TSS ALL record must have appropriate access to Facility Matrix Tables.

DISA Rule

SV-223927r561402_rule

Vulnerability Number

V-223927

Group Title

SRG-OS-000080-GPOS-00048

Rule Version

TSS0-ES-000530

Severity

CAT II

CCI(s)

• CCI-000213 - The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Weight

10

Fix Recommendation

Review ALL record for FACILITY access. Evaluate the impact of correcting the deficiency. Develop a plan of action and remove access.

Check Contents

Review the ALL record for the assignment of FACILITY.

If CA-Top Secret facilities are granted via the ALL record, with the exception of DFHSM/HSM, this is a finding.

The DFHSM/HSM FACILITY can be determined by reviewing FACLIST for the FACILITY that contains INITPGM=ARC.

Vulnerability Number

V-223927

Documentable

False

Rule Version

TSS0-ES-000530

Severity Override Guidance

Review the ALL record for the assignment of FACILITY.

If CA-Top Secret facilities are granted via the ALL record, with the exception of DFHSM/HSM, this is a finding.

The DFHSM/HSM FACILITY can be determined by reviewing FACLIST for the FACILITY that contains INITPGM=ARC.

Check Content Reference

M

Target Key

4102

Comments