STIGQter STIGQter: STIG Summary: z/OS ICSF for TSS STIG Version: 6 Release: 5 Benchmark Date: 27 Jul 2018: IBM Integrated Crypto Service Facility (ICSF) Started Task name is not properly identified / defined to the system ACP.

DISA Rule

SV-30591r1_rule

Vulnerability Number

V-17452

Group Title

ZB000030

Rule Version

ZICST030

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The Systems Programmer and IAO will ensure that the started task for IBM Integrated Crypto Service Facility (ICSF) Started Task(s) is properly Identified / defined to the System ACP.

If the product requires a Started Task, verify that it is properly defined to the System ACP with the proper attributes.

Most installation manuals will indicate how the Started Task is identified and any additional attributes that must be specified. Define the started task userid CSFSTART for IBM Integrated Crypto Service Facility (ICSF).

Example:

TSS CRE(CSFSTART) DEPT(Dept) NAME('ICSF STC') -
FAC(STC) PASSWORD(password,0) -
SOURCE(INTRDR)

Check Contents

a) Refer to the following reports produced by the TSS Data Collection:

- TSSCMDS.RPT(@ACIDS)

b) Review the IBM Integrated Crypto Service Facility (ICSF) STC/Batch ACID(s) for the following:

___ Is defined with Facility of STC and/or BATCH.

___ Is sourced to the INTRDR.

c) If all of the above are true, there is NO FINDING.

d) If any of the above is untrue, this is a FINDING.

Vulnerability Number

V-17452

Documentable

False

Rule Version

ZICST030

Severity Override Guidance

a) Refer to the following reports produced by the TSS Data Collection:

- TSSCMDS.RPT(@ACIDS)

b) Review the IBM Integrated Crypto Service Facility (ICSF) STC/Batch ACID(s) for the following:

___ Is defined with Facility of STC and/or BATCH.

___ Is sourced to the INTRDR.

c) If all of the above are true, there is NO FINDING.

d) If any of the above is untrue, this is a FINDING.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

1900

Comments