STIGQter: STIG Summary: IBM z/OS RACF Security Technical Implementation Guide Version: 8 Release: 3 Benchmark Date: 23 Apr 2021:

The IBM z/OS must employ a session manager that conceals, via the session lock, information previously visible on the display with a publicly viewable image.

DISA Rule

SV-223794r604139_rule

Vulnerability Number

V-223794

Group Title

SRG-OS-000031-GPOS-00012

Rule Version

RACF-OS-000400

Severity

CAT II

CCI(s)

• CCI-000060 - The information system conceals, via the session lock, information previously visible on the display with a publicly viewable image.

Weight

10

Fix Recommendation

Configure the session manager to conceal, via the session lock, information previously visible on the display with a publicly viewable image.

Check Contents

Ask the system administrator for the configuration parameters for the session manager in use.

If there is no session manager in use, this is a finding.

If the session manager is not configure to conceal, via the session lock, information previously visible on the display with a publicly viewable image, this is a finding.

Vulnerability Number

V-223794

Documentable

False

Rule Version

RACF-OS-000400

Severity Override Guidance

Ask the system administrator for the configuration parameters for the session manager in use.

If there is no session manager in use, this is a finding.

If the session manager is not configure to conceal, via the session lock, information previously visible on the display with a publicly viewable image, this is a finding.

Check Content Reference

M

Target Key

4101

Comments