STIGQter STIGQter: STIG Summary: Mainframe Product Security Requirements Guide Version: 1 Release: 4 Benchmark Date: 24 Jan 2020:

The Mainframe Product must enforce approved authorizations for logical access to sensitive information and system resources in accordance with applicable access control policies.

DISA Rule

SV-82649r1_rule

Vulnerability Number

V-68159

Group Title

SRG-APP-000033-MFP-000056

Rule Version

SRG-APP-000033-MFP-000056

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Mainframe Product to enforce role and/or resource access in accordance with applicable access control policies. This can be accomplished using an external security manager.

Configure the external security manager to restrict user access according to applicable access control policies.

Check Contents

If an external security manager is used, check the external security manager rules and configuration.

If there are no rules for these resources or the rules do not restrict user access in accordance with applicable access control policies, this is a finding.

Examine mainframe product installation and configuration settings.

Verify that the Mainframe Product enforces role and/or resource access in accordance with applicable access control policies.

If it does not, this is a finding.

Vulnerability Number

V-68159

Documentable

False

Rule Version

SRG-APP-000033-MFP-000056

Severity Override Guidance

If an external security manager is used, check the external security manager rules and configuration.

If there are no rules for these resources or the rules do not restrict user access in accordance with applicable access control policies, this is a finding.

Examine mainframe product installation and configuration settings.

Verify that the Mainframe Product enforces role and/or resource access in accordance with applicable access control policies.

If it does not, this is a finding.

Check Content Reference

M

Target Key

3061

Comments