STIGQter: STIG Summary: z/OS BMC CONTROL-O for TSS STIG Version: 6 Release: 7 Benchmark Date: 26 Oct 2018:

BMC CONTROL-O security exits are not installed or configured properly.

DISA Rule

SV-32016r1_rule

Vulnerability Number

V-17985

Group Title

ZB000060

Rule Version

ZCTO0060

Severity

CAT II

CCI(s)

CCI-000035 - The information system provides the capability for privileged administrators to configure the organization-defined security policy filters to support different security policies.

Weight

Fix Recommendation

The System programmer responsible for the BMC CONTROL-O will review the BMC CONTROL-O operating environment. Ensure that the following security exit(s) is (are) installed properly. Determine if the site has modified the following security exit(s):

CTOSE01
CTOSE02
CTOSE03
CTOSE04
CTOSE08
CTOSE10
CTOSE15

Ensure that the security exit(s) has (have) not been modified.

If the security exit(s) has (have) been modified, ensure the security exit(s) has (have) been checked as to not violate any security integrity within the system and approval documentation is on file.

Check Contents

Interview the systems programmer responsible for the BMC CONTROL-O. Determine if the site has modified the following security exit(s):

CTOSE01
CTOSE02
CTOSE03
CTOSE04
CTOSE08
CTOSE10
CTOSE15

Ensure the above security exit(s) has (have) not been modified.

If the above security exit(s) has (have) been modified, ensure that the security exit(s) has (have) been approved by the site systems programmer and the approval is on file for examination.

BMC CONTROL-O security exits are not installed or configured properly.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Responsibility

Target Key

Comments