STIGQter: STIG Summary: Mainframe Product Security Requirements Guide Version: 1 Release: 4 Benchmark Date: 24 Jan 2020:

The Mainframe Product must audit the enforcement actions used to restrict access associated with changes to the application.

DISA Rule

SV-82801r1_rule

Vulnerability Number

V-68311

Group Title

SRG-APP-000381-MFP-000188

Rule Version

SRG-APP-000381-MFP-000188

Severity

CAT II

CCI(s)

• CCI-001814 - The Information system supports auditing of the enforcement actions.

Weight

10

Fix Recommendation

Configure Mainframe Product change management settings to audit the enforcement actions used to restrict access associated with changes to application configuration to appropriate users according to organizational change policies.

Check Contents

Examine Configuration settings.

Examine organization change management policies.

If the Mainframe Product does not audit the enforcement actions used to access restriction associated with changes to the application in accordance with change management policies using System Management Facility (SMF) or an external security manager audit, this is a finding.

Vulnerability Number

V-68311

Documentable

False

Rule Version

SRG-APP-000381-MFP-000188

Severity Override Guidance

Examine Configuration settings.

Examine organization change management policies.

If the Mainframe Product does not audit the enforcement actions used to access restriction associated with changes to the application in accordance with change management policies using System Management Facility (SMF) or an external security manager audit, this is a finding.

Check Content Reference

M

Target Key

3061

Comments