STIGQter: STIG Summary: IBM z/OS RACF Security Technical Implementation Guide Version: 8 Release: 3 Benchmark Date: 23 Apr 2021:

The IBM z/OS TCPIP.DATA configuration statement must contain the DOMAINORIGIN or DOMAIN specified for each TCP/IP defined.

DISA Rule

SV-223829r604139_rule

Vulnerability Number

V-223829

Group Title

SRG-OS-000402-GPOS-00181

Rule Version

RACF-TC-000100

Severity

CAT II

CCI(s)

• CCI-002468 - The information system performs data origin verification authentication on the name/address resolution responses the system receives from authoritative sources.

Weight

10

Fix Recommendation

Configure the TCPIP.DATA file to include the DOMAINORIGIN/DOMAIN (The DOMAIN statement is functionally equivalent to the DOMAINORIGIN Statement).

Check Contents

Refer to the Data configuration file specified on the SYSTCPD DD statement in the TCPIP started task JCL.

If the DOMAINORIGIN/DOMAIN (The DOMAIN statement is functionally equivalent to the DOMAINORIGIN Statement) is specified in the TCP/IP Data configuration file, this is not a finding.

Vulnerability Number

V-223829

Documentable

False

Rule Version

RACF-TC-000100

Severity Override Guidance

Refer to the Data configuration file specified on the SYSTCPD DD statement in the TCPIP started task JCL.

If the DOMAINORIGIN/DOMAIN (The DOMAIN statement is functionally equivalent to the DOMAINORIGIN Statement) is specified in the TCP/IP Data configuration file, this is not a finding.

Check Content Reference

M

Target Key

4101

Comments