STIGQter: STIG Summary: Mainframe Product Security Requirements Guide Version: 1 Release: 4 Benchmark Date: 24 Jan 2020:

The Mainframe product must prohibit user installation of software without explicit privileged status.

DISA Rule

SV-82795r1_rule

Vulnerability Number

V-68305

Group Title

SRG-APP-000378-MFP-000185

Rule Version

SRG-APP-000378-MFP-000185

Severity

CAT II

CCI(s)

• CCI-001812 - The information system prohibits user installation of software without explicit privileged status.

Weight

10

Fix Recommendation

Configure the Mainframe Product to prohibit user installation of software without explicit privileged status.

If the Mainframe Product uses an ESM, configure the ESM to include rules for installation of software-privileged roles.

Configure the roles to restrict access for software installation to the user with privilege status.

Check Contents

Examine installation and configuration settings for change management.

If the Mainframe Product does not identify installation privilege roles and prohibit user installation of software without explicit privileged status, this is a finding.

If the Mainframe Product uses an external security manager (ESM) and there are no rules for the identified roles and access is not restricted to appropriate privileged users according to site security plan, this is a finding.

Vulnerability Number

V-68305

Documentable

False

Rule Version

SRG-APP-000378-MFP-000185

Severity Override Guidance

Examine installation and configuration settings for change management.

If the Mainframe Product does not identify installation privilege roles and prohibit user installation of software without explicit privileged status, this is a finding.

If the Mainframe Product uses an external security manager (ESM) and there are no rules for the identified roles and access is not restricted to appropriate privileged users according to site security plan, this is a finding.

Check Content Reference

M

Target Key

3061

Comments