IBM z/OS FTP.DATA configuration statements for the FTP server must specify the Standard Mandatory DoD Notice and Consent Banner statement.
DISA Rule
SV-223982r561402_rule
Vulnerability Number
V-223982
Group Title
SRG-OS-000228-GPOS-00088
Rule Version
TSS0-FT-000100
Severity
CAT II
CCI(s)
- CCI-001384 - The information system, for publicly accessible systems, displays system use information organization-defined conditions before granting further access.
- CCI-001385 - The information system, for publicly accessible systems, displays references, if any, to monitoring that are consistent with privacy accommodations for such systems that generally prohibit those activities.
- CCI-001386 - The information system, for publicly accessible systems, displays references, if any, to recording that are consistent with privacy accommodations for such systems that generally prohibit those activities.
- CCI-001387 - The information system, for publicly accessible systems, displays references, if any, to auditing that are consistent with privacy accommodations for such systems that generally prohibit those activities.
- CCI-001388 - The information system, for publicly accessible systems, includes a description of the authorized uses of the system.
Weight
10
Fix Recommendation
Code the FTPD configuration file to include the BANNER statement that points to the Standard Mandatory DoD Notice and Consent Banner statement.
Check Contents
Refer to the file specified on the SYSFTPD DD statement in the FTP started task JCL.
If the BANNER statement is not coded or is commented out, this is a finding.
Vulnerability Number
V-223982
Documentable
False
Rule Version
TSS0-FT-000100
Severity Override Guidance
Refer to the file specified on the SYSFTPD DD statement in the FTP started task JCL.
If the BANNER statement is not coded or is commented out, this is a finding.
Check Content Reference
M
Target Key
4102
Comments
STIGQter: STIG Summary: IBM z/OS TSS Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021: