STIGQter: STIG Summary: Mainframe Product Security Requirements Guide, Version: 1, Release: 4, Benchmark Date: 24 Jan 2020

The Mainframe Product must provide the capability for authorized users to remotely view/hear, in real time, all content related to an established user session from a component separate from the Mainframe Product being monitored.

DISA Rule

SV-82729r1_rule

Vulnerability Number

V-68239

Group Title

SRG-APP-000355-MFP-000139

Rule Version

SRG-APP-000355-MFP-000139

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Mainframe Product to permit authorized users to remotely view/hear, in real time, all content related to an established user session from a component separate from the Mainframe Product being monitored.

If an ESM is in use, configure rules to restrict the ability to remotely view/hear, in real time, all content related to an established user session from a component separate from the Mainframe Product being monitored to system programmers and security administrators.

Check Contents

If the Mainframe Product has no function or capability for session operations, this is not applicable.

Examine installation and configuration settings.

If the Mainframe Product does not have the capability to remotely view/hear, in real time, all content related to an established user session from a component separate from the Mainframe Product being monitored, this is a finding.

If the Mainframe Product does not restrict this capability to system programmers and security administrators, this is a finding.

If an external security manager (ESM) is in use, verify that the ESM restricts the capability to remotely view/hear, in real time, all content related to an established user session from a component separate from the Mainframe Product being monitored to system programmers or security administrators.

If it does not, this is a finding.

Documentable

False

Severity Override Guidance

If the Mainframe Product has no function or capability for session operations, this is not applicable.

Examine installation and configuration settings.

If the Mainframe Product does not have the capability to remotely view/hear, in real time, all content related to an established user session from a component separate from the Mainframe Product being monitored, this is a finding.

If the Mainframe Product does not restrict this capability to system programmers and security administrators, this is a finding.

If an external security manager (ESM) is in use, verify that the ESM restricts the capability to remotely view/hear, in real time, all content related to an established user session from a component separate from the Mainframe Product being monitored to system programmers or security administrators.

If it does not, this is a finding.

Check Content Reference

M

Target Key

3061
