STIGQter: STIG Summary: IBM z/OS TSS Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

The CA-TSS database must be backed up on a scheduled basis.

DISA Rule

SV-224005r561402_rule

Vulnerability Number

V-224005

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

TSS0-OS-000090

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure the TSS PARMLIB BACKUP parameter to include BACKUP statement with a valid time. Additionally, configure the BACKUP parameter in the TSS Parmfile to include BACKUP statement with a valid time for nightly backups.

Check Contents

Refer to the TSS Proclib PARMFILE DD to determine the PARM member.

If the BACKUP is missing or coded with blank or OFF this is a finding.

Note: If the security data base is shared only one of the systems is required to configure the BACKUP option in the PARMFILE. Determine that the option is properly coded on one of the systems that share the security database.

From the ISPF Command Shell enter:
TSS MODIFY(Status)

If the backup parameter is active with a valid time this is not a finding.

Vulnerability Number

V-224005

Documentable

False

Rule Version

TSS0-OS-000090

Severity Override Guidance

Refer to the TSS Proclib PARMFILE DD to determine the PARM member.

If the BACKUP is missing or coded with blank or OFF this is a finding.

Note: If the security data base is shared only one of the systems is required to configure the BACKUP option in the PARMFILE. Determine that the option is properly coded on one of the systems that share the security database.

From the ISPF Command Shell enter:
TSS MODIFY(Status)

If the backup parameter is active with a valid time this is not a finding.

Check Content Reference

M

Target Key

4102

Comments