STIGQter: STIG Summary: Mainframe Product Security Requirements Guide Version: 1 Release: 4 Benchmark Date: 24 Jan 2020:

Mainframe Products requiring user access authentication must provide a logoff capability for a user-initiated communication session.

DISA Rule

SV-82609r1_rule

Vulnerability Number

V-68119

Group Title

SRG-APP-000296-MFP-000007

Rule Version

SRG-APP-000296-MFP-000007

Severity

CAT II

CCI(s)

• CCI-002363 - The information system provides a logout capability for user-initiated communications sessions whenever authentication is used to gain access to organization-defined information resources.

Weight

10

Fix Recommendation

Configure the Mainframe Product settings to provide capability of user-initiated logoff.

Check Contents

If the Mainframe Product has no logon capability, this requirement is not applicable.

If the Mainframe Product does not provide a logout capability for user initiated communication sessions, this is a finding.

Examine the Mainframe Product configuration settings to determine whether a user can logoff. If the configurations are not properly set, this is a finding.

Vulnerability Number

V-68119

Documentable

False

Rule Version

SRG-APP-000296-MFP-000007

Severity Override Guidance

If the Mainframe Product has no logon capability, this requirement is not applicable.

If the Mainframe Product does not provide a logout capability for user initiated communication sessions, this is a finding.

Examine the Mainframe Product configuration settings to determine whether a user can logoff. If the configurations are not properly set, this is a finding.

Check Content Reference

M

Target Key

3061

Comments