STIGQter: STIG Summary: z/OS BMC IOA for ACF2 STIG Version: 6 Release: 7 Benchmark Date: 26 Oct 2018:

BMC IOA configuration/parameter values are not specified properly.

DISA Rule

SV-31958r1_rule

Vulnerability Number

V-18014

Group Title

ZB000040

Rule Version

ZIOAA040

Severity

CAT II

CCI(s)

CCI-000035 - The information system provides the capability for privileged administrators to configure the organization-defined security policy filters to support different security policies.

Weight

Fix Recommendation

The BMC IOA Systems programmer will verify that any configuration/parameters that are required to control the security of the product are properly configured and syntactically correct. Set the standard values for the BMC IOA security parameters for the specific ACP environment along with additional IOA security parameters with standard values as documented below.

Keyword Value
DEFMCHKI $$IOAEDM
SECTOLI NO
DFMI06 EXTEND
DFMI07 EXTEND
DFMI09 EXTEND
DFMI12 EXTEND
DFMI16 EXTEND
DFMI32 EXTEND
DFMI40 EXTEND
DFMI42 EXTEND
IOACLASS IOAFAC
SAFSCLAS SURROGAT
IOATCBS YES

Check Contents

Refer to the following applicable reports produced by the z/OS Data Collection:

- IOA.RPT(SECPARM)

Automated Analysis
Refer to the following report produced by the z/OS Data Collection:

- PDI(ZIOA0040)

The following keywords will have the specified values in the BMC IOA security parameter member:

Keyword Value
DEFMCHKI $$IOAEDM
SECTOLI NO
DFMI06 EXTEND
DFMI07 EXTEND
DFMI09 EXTEND
DFMI12 EXTEND
DFMI16 EXTEND
DFMI32 EXTEND
DFMI40 EXTEND
DFMI42 EXTEND
IOACLASS IOAFAC
SAFSCLAS SURROGAT
IOATCBS YES

BMC IOA configuration/parameter values are not specified properly.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Responsibility

Target Key

Comments