STIGQter: STIG Summary: IBM z/OS RACF Security Technical Implementation Guide Version: 8 Release: 3 Benchmark Date: 23 Apr 2021:

The IBM z/OS Policy Agent must employ a deny-all, allow-by-exception firewall policy for allowing connections to other systems.

DISA Rule

SV-223780r604139_rule

Vulnerability Number

V-223780

Group Title

SRG-OS-000480-GPOS-00232

Rule Version

RACF-OS-000240

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-002080 - The organization employs either an allow-all, deny-by-exception or a deny-all, permit-by-exception policy for allowing organization-defined information systems to connect to external information systems.

Weight

10

Fix Recommendation

Develop a policy application and policy agent to employ a deny-all, allow-by-exception firewall policy for allowing connections to other systems.

Check Contents

Examine the policy agent policy statements.

If it can be determined that the policy agent employs a deny-all, allow-by exception firewall policy for allowing connections to other systems this is not a finding.

Vulnerability Number

V-223780

Documentable

False

Rule Version

RACF-OS-000240

Severity Override Guidance

Examine the policy agent policy statements.

If it can be determined that the policy agent employs a deny-all, allow-by exception firewall policy for allowing connections to other systems this is not a finding.

Check Content Reference

M

Target Key

4101

Comments