STIGQter: STIG Summary: IBM z/OS TSS Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

The CA-TSS HFSSEC resource class must be defined with DEFPROT.

DISA Rule

SV-224085r561402_rule

Vulnerability Number

V-224085

Group Title

SRG-OS-000080-GPOS-00048

Rule Version

TSS0-US-000120

Severity

CAT I

CCI(s)

• CCI-000213 - The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Weight

10

Fix Recommendation

Ensure that the HFSSEC resource class has the attribute DEFPROT.

For Example:

TSS REPLACE(RDT) RESCLASS(HFSSEC) ATTR(DEFPROT)

Check Contents

From the ISPF Command Shell enter:
TSS MODIFY STATUS
If the Control Option is HFSSEC(OFF), this is Not Applicable.

Enter:
TSS LIST RDT
If the DEFPROT attribute is specified for the HFSSEC resource class in the RDT, this is not a finding.

Vulnerability Number

V-224085

Documentable

False

Rule Version

TSS0-US-000120

Severity Override Guidance

From the ISPF Command Shell enter:
TSS MODIFY STATUS
If the Control Option is HFSSEC(OFF), this is Not Applicable.

Enter:
TSS LIST RDT
If the DEFPROT attribute is specified for the HFSSEC resource class in the RDT, this is not a finding.

Check Content Reference

M

Target Key

4102

Comments