STIGQter: STIG Summary: z/OS IBM CICS Transaction Server for ACF2 STIG Version: 6 Release: 6 Benchmark Date: 24 Apr 2020:

CICS startup JCL statement is not specified in accordance with the proper security requirements.

DISA Rule

SV-7188r3_rule

Vulnerability Number

V-6893

Group Title

ZCICA022

Rule Version

ZCICA022

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

The IAO will ensure that each CICS region procedure has the ACF2/CICS parameter dataset specified.

Ensure every CICS region on the system has the ACF2PARM DD statement in the CICS startup JCL.

View the started task proc for each CICS region in SYS3.PROCLIB using ISPF.

Check Contents

a) Refer to the following report produced by the z/OS Data Collection:

- EXAM.RPT(CICSPROC)

Refer to the CICS Systems Programmer Worksheets filled out from previous vulnerability ZCIC0010.

b) Ensure every CICS region on the system has the ACF2PARM DD statement in the CICS startup JCL.

c) If the item in (b) is true for each CICS region, there is NO FINDING.

d) If the item in (b) is untrue for a CICS region, this is a FINDING.

Vulnerability Number

V-6893

Documentable

False

Rule Version

ZCICA022

Severity Override Guidance

a) Refer to the following report produced by the z/OS Data Collection:

- EXAM.RPT(CICSPROC)

Refer to the CICS Systems Programmer Worksheets filled out from previous vulnerability ZCIC0010.

b) Ensure every CICS region on the system has the ACF2PARM DD statement in the CICS startup JCL.

c) If the item in (b) is true for each CICS region, there is NO FINDING.

d) If the item in (b) is untrue for a CICS region, this is a FINDING.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

198

Comments