STIGQter: STIG Summary: z/OS RACF STIG Version: 6 Release: 43 Benchmark Date: 24 Jan 2020: FTP / Telnet unencrypted transmissions require Acknowledgement of Risk Letter (AORL)

DISA Rule

SV-8757r2_rule

Vulnerability Number

V-8271

Group Title

IFTP0100

Rule Version

IFTP0100

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Ensure that an Acknowledgement of Risk Letter exists for all userids utilizing unencrypted communications.

Check Contents

a) Provide a list of all FTP userids defined to the ACP database, including the function and purpose of each FTP userid.

b) Refer to the above list.

c) Ensure that an Acknowledgement of Risk Letter exists for all userids utilizing unencrypted communications.

d) If (c) is true, there is NO FINDING.

e) If (c) is untrue, this is a FINDING.

Vulnerability Number

V-8271

Documentable

False

Rule Version

IFTP0100

Severity Override Guidance

a) Provide a list of all FTP userids defined to the ACP database, including the function and purpose of each FTP userid.

b) Refer to the above list.

c) Ensure that an Acknowledgement of Risk Letter exists for all userids utilizing unencrypted communications.

d) If (c) is true, there is NO FINDING.

e) If (c) is untrue, this is a FINDING.

Check Content Reference

M

Potential Impact

Information being passed in the clear can violate system and data integrity.

Responsibility

Information Assurance Officer

Target Key

106
