STIGQter STIGQter: STIG Summary: z/OS ICSF for TSS Security Technical Implementation Guide Version: 6 Release: 6 Benchmark Date: 23 Apr 2021:

IBM Integrated Crypto Service Facility (ICSF) Started Task name is not properly identified / defined to the system ACP.

DISA Rule

SV-225578r472532_rule

Vulnerability Number

V-225578

Group Title

SRG-OS-000104

Rule Version

ZICST030

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The Systems Programmer and IAO will ensure that the started task for IBM Integrated Crypto Service Facility (ICSF) Started Task(s) is properly Identified / defined to the System ACP.

If the product requires a Started Task, verify that it is properly defined to the System ACP with the proper attributes.

Most installation manuals will indicate how the Started Task is identified and any additional attributes that must be specified. Define the started task userid CSFSTART for IBM Integrated Crypto Service Facility (ICSF).

Example:

TSS CRE(CSFSTART) DEPT(Dept) NAME('ICSF STC') -
FAC(STC) PASSWORD(password,0) -
SOURCE(INTRDR)

Check Contents

a) Refer to the following reports produced by the TSS Data Collection:

- TSSCMDS.RPT(@ACIDS)

b) Review the IBM Integrated Crypto Service Facility (ICSF) STC/Batch ACID(s) for the following:

___ Is defined with Facility of STC and/or BATCH.

___ Is sourced to the INTRDR.

c) If all of the above are true, there is NO FINDING.

d) If any of the above is untrue, this is a FINDING.

Vulnerability Number

V-225578

Documentable

False

Rule Version

ZICST030

Severity Override Guidance

a) Refer to the following reports produced by the TSS Data Collection:

- TSSCMDS.RPT(@ACIDS)

b) Review the IBM Integrated Crypto Service Facility (ICSF) STC/Batch ACID(s) for the following:

___ Is defined with Facility of STC and/or BATCH.

___ Is sourced to the INTRDR.

c) If all of the above are true, there is NO FINDING.

d) If any of the above is untrue, this is a FINDING.

Check Content Reference

M

Target Key

4202

Comments