STIGQter: STIG Summary: Mainframe Product Security Requirements Guide Version: 1 Release: 4 Benchmark Date: 24 Jan 2020:

The Mainframe Product must provide the capability for users to directly initiate a session lock.

DISA Rule

SV-82603r1_rule

Vulnerability Number

V-68113

Group Title

SRG-APP-000004-MFP-000004

Rule Version

SRG-APP-000004-MFP-000004

Severity

CAT II

CCI(s)

• CCI-000058 - The information system provides the capability for users to directly initiate session lock mechanisms.

Weight

10

Fix Recommendation

Configure the Mainframe Product user’s attributes to enable ability to initiate a session lock.

Verify the external security manager permits it.

Check Contents

If the Mainframe Product has no data screen capability, this requirement is not applicable.

Determine whether the Mainframe Product allows users to directly initiate a session lock. If it does not this is a finding.

Examine the Mainframe Product configuration parameters and user attributes to determine whether user can initiate a session lock.

If the parameters are not properly set and/or user is not permitted, this is a finding.

Vulnerability Number

V-68113

Documentable

False

Rule Version

SRG-APP-000004-MFP-000004

Severity Override Guidance

If the Mainframe Product has no data screen capability, this requirement is not applicable.

Determine whether the Mainframe Product allows users to directly initiate a session lock. If it does not this is a finding.

Examine the Mainframe Product configuration parameters and user attributes to determine whether user can initiate a session lock.

If the parameters are not properly set and/or user is not permitted, this is a finding.

Check Content Reference

M

Target Key

3061

Comments