STIGQter: STIG Summary: IBM z/OS TSS Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

The IBM z/OS TFTP server program must be properly protected.

DISA Rule

SV-223984r561402_rule

Vulnerability Number

V-223984

Group Title

SRG-OS-000368-GPOS-00154

Rule Version

TSS0-FT-000120

Severity

CAT II

CCI(s)

• CCI-001764 - The information system prevents program execution in accordance with organization-defined policies regarding software program usage and restrictions, and/or rules authorizing the terms and conditions of software program usage.

Weight

10

Fix Recommendation

Evaluate the impact of implementing the following change. Develop a plan of action and implement the change as required. Ensure that the EZATD program and its alias TFTPD are defined to CA-TSS and no access to the program resources TFTPD and EZATD is permitted. The following commands provide a sample of how to protect the TFTP server program by assigning ownership and no permissions: TSS ADD(ADMIN) PROGRAM(TFTPD,EZATD)

Check Contents

From the ISPF Command Shell enter:
TSS WHOOWNS PROGRAM(*)

If the Program resources TFTPD and EZATD are owned appropriately in the PROGRAM resource class, this is not a finding.

Enter
TSS WHOHAS(TFTPD)
TSS WHOHAS(EZATD)

If no access to the program resources TFTPD and EZATD is permitted, this is not a finding.

Vulnerability Number

V-223984

Documentable

False

Rule Version

TSS0-FT-000120

Severity Override Guidance

From the ISPF Command Shell enter:
TSS WHOOWNS PROGRAM(*)

If the Program resources TFTPD and EZATD are owned appropriately in the PROGRAM resource class, this is not a finding.

Enter
TSS WHOHAS(TFTPD)
TSS WHOHAS(EZATD)

If no access to the program resources TFTPD and EZATD is permitted, this is not a finding.

Check Content Reference

M

Target Key

4102

Comments