STIGQter: STIG Summary: zOS FEP for TSS Version: 6 Release: 1 Benchmark Date: 11 Mar 2020:

An active log is not available to keep track of all hardware upgrades and software changes made to the FEP (Front End Processor).

DISA Rule

SV-7198r3_rule

Vulnerability Number

V-6903

Group Title

ZFEP0014

Rule Version

ZFEP0014

Severity

CAT II

CCI(s)

• CCI-000318 - The organization audits and reviews activities associated with configuration-controlled changes to the system.

Weight

10

Fix Recommendation

The systems programmer will see that a a log of all hardware and software upgrades/changes has been created for auditing purposes and problem tracking. All changes and upgrades will be logged.

Check Contents

a) Review site documentation to validate that procedures are in place to protect the FEP service subsystem and diskette drive:

- All documents and procedures that apply to FEP operations including network management, FEP initialization, IPL, shutdown, NCP dumping, backup, and recovery.

b) If a log is in place to keep track of all hardware upgrades and software changes, there is NO FINDING.

c) If no log is in place to keep track of all hardware upgrades and software changes, this is a FINDING.

Vulnerability Number

V-6903

Documentable

False

Rule Version

ZFEP0014

Severity Override Guidance

a) Review site documentation to validate that procedures are in place to protect the FEP service subsystem and diskette drive:

- All documents and procedures that apply to FEP operations including network management, FEP initialization, IPL, shutdown, NCP dumping, backup, and recovery.

b) If a log is in place to keep track of all hardware upgrades and software changes, there is NO FINDING.

c) If no log is in place to keep track of all hardware upgrades and software changes, this is a FINDING.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

3359

Comments