STIGQter: STIG Summary: IBM z/OS TSS Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

CA-TSS MSCA ACID password changes must be documented in the change log.

DISA Rule

SV-223964r561402_rule

Vulnerability Number

V-223964

Group Title

SRG-OS-000327-GPOS-00127

Rule Version

TSS0-ES-000910

Severity

CAT II

CCI(s)

• CCI-002234 - The information system audits the execution of privileged functions.

Weight

10

Fix Recommendation

Ensure that the MSCA password changes are documented with comments in the TSS Recovery file. The TSS Recovery file will be of sufficient size to ensure that the change is documented.

Check Contents

From ISPF Command Shell enter:
Exec the CA-TSS TSSAUDIT Utility using CHANGES Control Statement.
Note: If running Quest NC-Pass, validate that the MSCA ACID has the FACILITY of NCPASS and SECURID resource in the ABSTRACT resource class.

If the MSCA password changes are documented in the change log, this is not a finding.

Vulnerability Number

V-223964

Documentable

False

Rule Version

TSS0-ES-000910

Severity Override Guidance

From ISPF Command Shell enter:
Exec the CA-TSS TSSAUDIT Utility using CHANGES Control Statement.
Note: If running Quest NC-Pass, validate that the MSCA ACID has the FACILITY of NCPASS and SECURID resource in the ABSTRACT resource class.

If the MSCA password changes are documented in the change log, this is not a finding.

Check Content Reference

M

Target Key

4102

Comments