STIGQter: STIG Summary: Mainframe Product Security Requirements Guide Version: 1 Release: 4 Benchmark Date: 24 Jan 2020:

The Mainframe Product must use mechanisms meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.

DISA Rule

SV-82897r1_rule

Vulnerability Number

V-68407

Group Title

SRG-APP-000179-MFP-000247

Rule Version

SRG-APP-000179-MFP-000247

Severity

CAT II

CCI(s)

• CCI-000803 - The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.

Weight

10

Fix Recommendation

Configure the Mainframe Product account management settings to be FIPS 140 compliant.

Check Contents

If the Mainframe Product has no function or capability for user logon, this is not applicable.

If the Mainframe Product employs an external security manager for all account management functions, this is not applicable.

Examine user account configurations.

If the Mainframe Product is configured to be FIPS 140 compliant, this is not a finding.

Vulnerability Number

V-68407

Documentable

False

Rule Version

SRG-APP-000179-MFP-000247

Severity Override Guidance

If the Mainframe Product has no function or capability for user logon, this is not applicable.

If the Mainframe Product employs an external security manager for all account management functions, this is not applicable.

Examine user account configurations.

If the Mainframe Product is configured to be FIPS 140 compliant, this is not a finding.

Check Content Reference

M

Target Key

3061

Comments