IBM z/OS FTP.DATA configuration statements for the FTP server must specify the BANNER statement.
DISA Rule
SV-223737r604139_rule
Vulnerability Number
V-223737
Group Title
SRG-OS-000228-GPOS-00088
Rule Version
RACF-FT-000050
Severity
CAT II
CCI(s)
- CCI-001385 - The information system, for publicly accessible systems, displays references, if any, to monitoring that are consistent with privacy accommodations for such systems that generally prohibit those activities.
- CCI-001384 - The information system, for publicly accessible systems, displays system use information organization-defined conditions before granting further access.
- CCI-001386 - The information system, for publicly accessible systems, displays references, if any, to recording that are consistent with privacy accommodations for such systems that generally prohibit those activities.
- CCI-001387 - The information system, for publicly accessible systems, displays references, if any, to auditing that are consistent with privacy accommodations for such systems that generally prohibit those activities.
- CCI-001388 - The information system, for publicly accessible systems, includes a description of the authorized uses of the system.
Weight
10
Fix Recommendation
Configure the FTP configuration to include the BANNER statement.
Check Contents
Refer to the Data configuration file specified on the SYSFTPD DD statement in the FTP started task JCL.
If the BANNER statement is coded, this is not a finding.
Vulnerability Number
V-223737
Documentable
False
Rule Version
RACF-FT-000050
Severity Override Guidance
Refer to the Data configuration file specified on the SYSFTPD DD statement in the FTP started task JCL.
If the BANNER statement is coded, this is not a finding.
Check Content Reference
M
Target Key
4101
Comments
STIGQter: STIG Summary: IBM z/OS RACF Security Technical Implementation Guide Version: 8 Release: 3 Benchmark Date: 23 Apr 2021: