STIGQter: STIG Summary: Mainframe Product Security Requirements Guide Version: 1 Release: 4 Benchmark Date: 24 Jan 2020:

Mainframe Products scanning for malicious code must scan all media used for system maintenance prior to use.

DISA Rule

SV-82909r1_rule

Vulnerability Number

V-68419

Group Title

SRG-APP-000073-MFP-000255

Rule Version

SRG-APP-000073-MFP-000255

Severity

CAT II

CCI(s)

• CCI-000870 - The organization checks media containing diagnostic and test programs for malicious code before the media are used in the information system.

Weight

10

Fix Recommendation

Configure the Mainframe Product to scan all media used in maintenance prior to use.

Check Contents

If the Mainframe Product has no function or capability for scanning activity, this is not applicable.

Examine installation and configuration settings.

If the Mainframe Product is not configured to scan all media brought into the organization for diagnostic and testing purposes for intentional or unintentionally included malicious code prior to use, this is a finding.

Vulnerability Number

V-68419

Documentable

False

Rule Version

SRG-APP-000073-MFP-000255

Severity Override Guidance

If the Mainframe Product has no function or capability for scanning activity, this is not applicable.

Examine installation and configuration settings.

If the Mainframe Product is not configured to scan all media brought into the organization for diagnostic and testing purposes for intentional or unintentionally included malicious code prior to use, this is a finding.

Check Content Reference

M

Target Key

3061

Comments