Checked | Name | Title |
---|---|---|
☐ | SV-223419r533198_rule | IBM z/OS Certificate Name Filtering must be implemented with appropriate authorization and documentation. |
☐ | SV-223420r533198_rule | IBM z/OS must not use Expired Digital Certificates. |
☐ | SV-223421r533198_rule | All IBM z/OS digital certificates in use must have a valid path to a trusted Certification authority. |
☐ | SV-223422r533198_rule | CA-ACF2 OPTS GSO record must be set to ABORT mode. |
☐ | SV-223423r533198_rule | The number of ACF2 users granted the special privilege PPGM must be justified. |
☐ | SV-223424r533198_rule | The number of ACF2 users granted the special privilege OPERATOR must be kept to a strictly controlled minimum. |
☐ | SV-223425r533198_rule | The number of ACF2 users granted the special privilege CONSOLE must be justified. |
☐ | SV-223426r533198_rule | The number of ACF2 users granted the special privilege ALLCMDS must be justified. |
☐ | SV-223427r533198_rule | IBM z/OS system commands must be properly protected. |
☐ | SV-223428r533198_rule | IBM z/OS Sensitive Utility Controls must be properly defined and protected. |
☐ | SV-223429r533198_rule | CA-ACF2 NJE GSO record value must indicate validation options that apply to jobs submitted through a network job entry subsystem (JES2, JES3, RSCS). |
☐ | SV-223430r533198_rule | CA-ACF2 must protect Memory and privileged program dumps in accordance with proper security requirements. |
☐ | SV-223431r533198_rule | CA-ACF2 must properly define users that have access to the CONSOLE resource in the TSOAUTH resource class. |
☐ | SV-223432r533198_rule | CA-ACF2 must limit update and allocate access to system backup files to system programmers and/or batch jobs that perform DASD backups. |
☐ | SV-223433r533198_rule | CA-ACF2 must limit access to SYSTEM DUMP data sets to appropriate authorized users. |
☐ | SV-223434r533198_rule | CA-ACF2 must limit access to SYS(x).TRACE to system programmers only. |
☐ | SV-223435r560937_rule | CA-ACF2 allocate access to system user catalogs must be properly protected. |
☐ | SV-223436r533198_rule | ACF2 Classes required to properly secure the z/OS UNIX environment must be ACTIVE. |
☐ | SV-223437r533198_rule | Access to IBM z/OS special privilege TAPE-LBL or TAPE-BLP must be limited and/or justified. |
☐ | SV-223438r533198_rule | CA-ACF2 must limit access to System page data sets (i.e., PLPA, COMMON, and LOCALx) to system programmers. |
☐ | SV-223439r533198_rule | IBM z/OS must protect dynamic lists in accordance with proper security requirements. |
☐ | SV-223440r533198_rule | IBM z/OS Libraries included in the system REXXLIB concatenation must be properly protected. |
☐ | SV-223441r533198_rule | CA-ACF2 must limit Write or greater access to SYS1.UADS to system programmers only and read and update access must be limited to system programmer personnel and/or security personnel. |
☐ | SV-223442r533198_rule | CA-ACF2 must limit all system PROCLIB data sets to appropriate authorized users. |
☐ | SV-223443r560998_rule | CA-ACF2 access to the System Master Catalog must be properly protected. |
☐ | SV-223444r533198_rule | IBM z/OS MCS consoles access authorization(s) for CONSOLE resource(s) must be properly protected. |
☐ | SV-223445r533198_rule | CA-ACF2 must limit Write or greater access to SYS1.NUCLEUS to system programmers only. |
☐ | SV-223446r533198_rule | CA-ACF2 must limit Write or greater access to SYS1.LPALIB to system programmers only. |
☐ | SV-223447r533198_rule | CA-ACF2 must limit Write or greater access to SYS1.IMAGELIB to system programmers. |
☐ | SV-223448r533198_rule | CA-ACF2 must limit Write or greater access to Libraries containing EXIT modules to system programmers only. |
☐ | SV-223449r533198_rule | CA-ACF2 must limit Update and Allocate access to all APF-authorized libraries to system programmers only. |
☐ | SV-223450r533198_rule | CA-ACF2 must limit Write or greater access to all LPA libraries to system programmers only. |
☐ | SV-223451r533198_rule | CA-ACF2 must limit Update and Allocate access to LINKLIST libraries to system programmers only. |
☐ | SV-223452r533198_rule | CA-ACF2 must limit update and allocate access to all system-level product installation libraries to system programmers only. |
☐ | SV-223453r533198_rule | CA-ACF2 must limit Write or greater access to SYS1.SVCLIB to system programmers only. |
☐ | SV-223454r533198_rule | CA-ACF2 Access to SYS1.LINKLIB must be properly protected. |
☐ | SV-223455r533198_rule | CA-ACF2 must limit access to data sets used to back up and/or dump SMF collection files to appropriate users and/or batch jobs that perform SMF dump processing. |
☐ | SV-223456r533198_rule | CA-ACF2 LOGONIDs must not be defined to SYS1.UADS for non-emergency use. |
☐ | SV-223457r533198_rule | IBM z/OS IEASYMUP resource must be protected in accordance with proper security requirements. |
☐ | SV-223458r533198_rule | CA-ACF2 must limit Update and Allocate access to system backup files to system programmers and/or batch jobs that perform DASD backups. |
☐ | SV-223459r533198_rule | ACF2 PPGM GSO record value must specify protected programs that are only executed by privileged users. |
☐ | SV-223462r533198_rule | The CA-ACF2 PSWD GSO record values for MAXTRY and PASSLMT must be properly set. |
☐ | SV-223463r533198_rule | IBM z/OS SYS1.PARMLIB must be properly protected. |
☐ | SV-223464r533198_rule | CA-ACF2 must be installed, functional, and properly configured. |
☐ | SV-223465r533198_rule | CA-ACF2 must limit update and allocate access to the JES2 System data sets (e.g., Spool, Checkpoint, and Initialization parameters) to system programmers only. |
☐ | SV-223466r533198_rule | CA-ACF2 must limit Write or greater access to libraries that contain PPT modules to system programmers only. |
☐ | SV-223467r533198_rule | The EXITS GSO record value must specify the module names of site written ACF2 exit routines. |
☐ | SV-223468r533198_rule | The CA-ACF2 LOGONID with the REFRESH attribute must have procedures for utilization. |
☐ | SV-223469r533198_rule | IBM z/OS TSO GSO record values must be set to the values specified. |
☐ | SV-223470r533198_rule | IBM z/OS procedures must restrict ACF2 LOGONIDs with the READALL attribute to auditors and/or authorized users. |
☐ | SV-223471r533198_rule | IBM z/OS must have the RULEVLD and RSRCVLD attributes specified for LOGONIDs with the SECURITY attribute. |
☐ | SV-223472r533198_rule | IBM z/OS LOGONIDs with the AUDIT or CONSULT attribute must be properly scoped. |
☐ | SV-223473r533198_rule | IBM z/OS LOGONID with the ACCTPRIV attribute must be restricted to the ISSO. |
☐ | SV-223474r533198_rule | IBM z/OS batch jobs with restricted ACF2 LOGONIDs must have the PGM(xxxxxxxx) and SUBAUTH attributes or the SOURCE(xxxxxxxx) attribute assigned to the corresponding LOGONIDs. |
☐ | SV-223475r695416_rule | CA-ACF2 RULEOPTS GSO record values must be set to the values specified. |
☐ | SV-223476r695413_rule | The CA-ACF2 GSO OPTS record value must be properly specified. |
☐ | SV-223477r533198_rule | CA-ACF2 must prevent the use of dictionary words for passwords. |
☐ | SV-223478r533198_rule | CA-ACF2 database must be on a separate physical volume from its backup and recovery data sets. |
☐ | SV-223479r533198_rule | CA-ACF2 database must be backed up on a scheduled basis. |
☐ | SV-223480r533198_rule | ACF2 REFRESH attribute must be restricted to security administrators only. |
☐ | SV-223481r695419_rule | ACF2 maintenance LOGONIDs must have corresponding GSO MAINT records. |
☐ | SV-223482r533198_rule | ACF2 LOGONIDs with the NON-CNCL attribute specified in the associated LOGONID record must be listed as trusted and must be specifically approved. |
☐ | SV-223483r533198_rule | ACF2 LOGONIDs with the ACCOUNT, LEADER, or SECURITY attribute must be properly scoped. |
☐ | SV-223484r533198_rule | ACF2 LOGONIDs associated with started tasks that have the MUSASS attribute and the requirement to submit jobs on behalf of its users must have the JOBFROM attribute as required. |
☐ | SV-223485r533198_rule | ACF2 LOGONIDs assigned for started tasks must have the STC attribute specified in the associated LOGONID record. |
☐ | SV-223486r533198_rule | ACF2 emergency LOGONIDS with the REFRESH attribute must have the SUSPEND attribute specified. |
☐ | SV-223487r533198_rule | ACF2 BACKUP GSO record must be defined with a TIME value specified greater than 00 unless the database is shared and backed up on another system. |
☐ | SV-223488r533198_rule | ACF2 APPLDEF GSO record if used must have supporting documentation indicating the reason it was used. |
☐ | SV-223489r533198_rule | ACF2 MAINT GSO record value if specified must be restricted to production storage management user. |
☐ | SV-223490r533198_rule | ACF2 LINKLST GSO record if specified must only contain trusted system data sets. |
☐ | SV-223491r533198_rule | IBM z/OS must properly protect MCS console userid(s). |
☐ | SV-223492r533198_rule | ACF2 BLPPGM GSO record must not be defined. |
☐ | SV-223493r695420_rule | IBM z/OS UID(0) must be properly assigned. |
☐ | SV-223494r533198_rule | IBM z/OS user account for the UNIX kernel (OMVS) must be properly defined to the security database. |
☐ | SV-223495r533198_rule | IBM z/OS user account for the UNIX (RMFGAT) must be properly defined. |
☐ | SV-223496r533198_rule | ACF2 LOGONIDs must be defined with the required fields completed. |
☐ | SV-223497r533198_rule | CA-ACF2 defined user accounts must uniquely identify system users. |
☐ | SV-223498r533198_rule | CA-ACF2 userids found inactive for more than 35 days must be suspended. |
☐ | SV-223499r695422_rule | CA-ACF2 PWPHRASE GSO record must be properly defined. |
☐ | SV-223500r695424_rule | CA-ACF2 must enforce password complexity by requiring that at least one special character be used. |
☐ | SV-223501r695426_rule | ACF2 PSWD GSO record value must be set to require at least one upper-case character be used. |
☐ | SV-223502r695429_rule | ACF2 PSWD GSO record value must be set to require at least one numeric character be used. |
☐ | SV-223503r695431_rule | ACF2 PSWD GSO record value must be set to require at least one lower-case character be used. |
☐ | SV-223504r695433_rule | ACF2 PSWD GSO record value must be set to require the change of at least 50% of the total number of characters when passwords are changed. |
☐ | SV-223505r695435_rule | ACF2 must use NIST FIPS-validated cryptography to protect passwords in the security database. |
☐ | SV-223506r695437_rule | ACF2 PSWD GSO record value must be set to require a 60-day maximum password lifetime restriction. |
☐ | SV-223507r695439_rule | ACF2 PSWD GSO record value must be set to require 24 hours/1 day as the minimum password lifetime. |
☐ | SV-223508r695441_rule | ACF2 PSWD GSO record value must be set to prohibit password reuse for a minimum of five generations or more. |
☐ | SV-223509r695443_rule | ACF2 TSOTWX GSO record values must be set to obliterate the logon password on TWX devices. |
☐ | SV-223510r533198_rule | ACF2 TSOCRT GSO record values must be set to obliterate the logon to ASCII CRT devices. |
☐ | SV-223511r695445_rule | ACF2 TSO2741 GSO record values must be set to obliterate the logon password on 2741 devices. |
☐ | SV-223512r695447_rule | ACF2 SECVOLS GSO record value must be set to VOLMASK(). Any local changes are justified and documented with the ISSO. |
☐ | SV-223513r695449_rule | ACF2 RESVOLS GSO record value must be set to Volmask(-). Any other setting requires documentation justifying the change. |
☐ | SV-223514r533198_rule | ACF2 security data sets and/or databases must be properly protected. |
☐ | SV-223515r533198_rule | ACF2 AUTOERAS GSO record value must be set to indicate that ACF2 is controlling the automatic physical erasure of VSAM or non VSAM data sets. |
☐ | SV-223516r695451_rule | The operating system must enforce a minimum 8-character password length. |
☐ | SV-223517r533198_rule | IBM z/OS SMF recording options for the FTP Server must be configured to write SMF records for all eligible events. |
☐ | SV-223518r533198_rule | IBM z/OS data sets for the FTP Server must be properly protected. |
☐ | SV-223519r533198_rule | IBM z/OS permission bits and user audit bits for HFS objects that are part of the FTP Server component must be properly configured. |
☐ | SV-223520r533198_rule | IBM z/OS FTP.DATA configuration statements must have a proper BANNER statement with the Standard Mandatory DoD Notice and Consent Banner. |
☐ | SV-223521r533198_rule | IBM z/OS warning banner for the FTP Server must be properly specified. |
☐ | SV-223522r533198_rule | IBM z/OS FTP.DATA configuration statements for the FTP Server must specify the BANNER statement. |
☐ | SV-223523r533198_rule | IBM z/OS FTP Control cards must be properly stored in a secure PDS file. |
☐ | SV-223524r533198_rule | The IBM z/OS TFTP Server program must be properly protected. |
☐ | SV-223525r533198_rule | IBM z/OS FTP Server daemon must be defined with proper security parameters. |
☐ | SV-223526r533198_rule | IBM z/OS startup parameters for the FTP Server must be defined in the SYSTCPD and SYSFTPD DD statements for configuration files. |
☐ | SV-223527r533198_rule | IBM z/OS FTP.DATA configuration for the FTP Server must have INACTIVE statement properly set. |
☐ | SV-223528r533198_rule | IBM z/OS JESTRACE and/or SYSLOG resources must be protected in accordance with security requirements. |
☐ | SV-223529r533198_rule | IBM z/OS JESSPOOL resources must be protected in accordance with security requirements. |
☐ | SV-223530r533198_rule | IBM z/OS JESNEWS resources must be protected in accordance with security requirements. |
☐ | SV-223531r533198_rule | IBM z/OS JES2 system commands must be protected in accordance with security requirements. |
☐ | SV-223532r533198_rule | IBM z/OS JES2 spool resources must be controlled in accordance with security requirements. |
☐ | SV-223533r533198_rule | IBM z/OS JES2 output devices must be properly controlled for Classified Systems. |
☐ | SV-223534r533198_rule | IBM z/OS JES2 output devices must be controlled in accordance with the proper security requirements. |
☐ | SV-223535r533198_rule | IBM z/OS JES2 input sources must be controlled in accordance with the proper security requirements. |
☐ | SV-223536r533198_rule | IBM z/OS Surrogate users must be controlled in accordance with proper security requirements. |
☐ | SV-223537r533198_rule | The IBM z/OS BPX.SMF resource must be properly configured. |
☐ | SV-223538r533198_rule | IBM z/OS must implement DoD-approved encryption to protect the confidentiality of remote access sessions. |
☐ | SV-223539r533198_rule | IBM z/OS Inapplicable PPT entries must be invalidated. |
☐ | SV-223540r533198_rule | IBM z/OS system administrator must develop a process to notify appropriate personnel when accounts are removed. |
☐ | SV-223541r533198_rule | IBM z/OS system administrator must develop a process to notify appropriate personnel when accounts are modified. |
☐ | SV-223542r533198_rule | IBM z/OS system administrator must develop a process to notify appropriate personnel when accounts are deleted. |
☐ | SV-223543r533198_rule | IBM z/OS system administrator must develop a process to notify appropriate personnel when accounts are created. |
☐ | SV-223544r533198_rule | IBM z/OS Required SMF data record types must be collected. |
☐ | SV-223545r533198_rule | IBM z/OS special privileges must be assigned on an as-needed basis to LOGONIDs associated with STCs and LOGONIDs that need to execute TSO in batch. |
☐ | SV-223546r533198_rule | IBM z/OS must specify SMF data options to assure appropriate activation. |
☐ | SV-223547r533198_rule | IBM z/OS SMF collection files (system MANx data sets or LOGSTREAM DASD) must have storage capacity to store at least one week's worth of audit data. |
☐ | SV-223548r533198_rule | IBM z/OS system administrators must develop an automated process to collect and retain SMF data. |
☐ | SV-223549r533198_rule | IBM z/OS BUFUSEWARN in the SMFPRMxx must be properly set. |
☐ | SV-223550r533198_rule | IBM z/OS NOBUFFS in SMFPRMxx must be properly set (Default is MSG). |
☐ | SV-223551r533198_rule | IBM z/OS SNTP daemon (SNTPD) permission bits must be properly configured. |
☐ | SV-223552r533198_rule | IBM z/OS SNTP daemon (SNTPD) must be active. |
☐ | SV-223553r533198_rule | IBM z/OS PARMLIB CLOCKxx must have the Accuracy PARM coded properly. |
☐ | SV-223554r533198_rule | IBM z/OS SMF collection files (i.e., SYS1.MANx) access must be limited to appropriate users and/or batch jobs that perform SMF dump processing. |
☐ | SV-223555r533198_rule | IBM z/OS system administrator must develop a process to notify ISSOs of account enabling actions. |
☐ | SV-223556r533198_rule | IBM z/OS PASSWORD data set and OS passwords must not be used. |
☐ | SV-223557r533198_rule | IBM z/OS must configure system waittimes to protect resource availability based on site priorities. |
☐ | SV-223558r533198_rule | IBM z/OS Emergency LOGONIDs must be properly defined. |
☐ | SV-223559r533198_rule | IBM z/OS DFSMS control data sets must reside on separate storage volumes. |
☐ | SV-223560r533198_rule | IBM z/OS Policy Agent must employ a deny-all, allow-by-exception firewall policy for allowing connections to other systems. |
☐ | SV-223561r533198_rule | Unsupported IBM z/OS system software must not be installed and/or active on the system. |
☐ | SV-223562r533198_rule | IBM z/OS must not allow non-existent or inaccessible LINKLIST libraries. |
☐ | SV-223563r533198_rule | IBM z/OS must not allow non-existent or inaccessible Link Pack Area (LPA) libraries. |
☐ | SV-223564r533198_rule | IBM z/OS must not have inaccessible APF libraries defined. |
☐ | SV-223565r533198_rule | IBM z/OS LNKAUTH=APFTAB must be specified in the IEASYSxx member(s) in the currently active parmlib data set(s). |
☐ | SV-223566r533198_rule | Duplicated IBM z/OS sensitive utilities and/or programs must not exist in APF libraries. |
☐ | SV-223567r533198_rule | IBM z/OS must properly configure CONSOLxx members. |
☐ | SV-223568r695454_rule | IBM z/OS must use SAF Key Rings for key management. |
☐ | SV-223569r533198_rule | The IBM z/OS systems requiring data at rest protection must properly employ IBM DS8880 for full disk encryption. |
☐ | SV-223570r533198_rule | IBM z/OS sensitive and critical system data sets must not exist on shared DASD. |
☐ | SV-223571r533198_rule | IBM z/OS Policy agent must contain a policy that protects against or limits the effects of Denial of Service (DoS) attacks by ensuring the operating system is implementing rate-limiting measures on impacted network interfaces. |
☐ | SV-223572r533198_rule | IBM z/OS Policy agent must contain a policy that manages excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks. |
☐ | SV-223573r533198_rule | IBM z/OS must employ a session manager to manage retaining a user's session lock until that user reestablishes access using established identification and authentication procedures. |
☐ | SV-223574r533198_rule | IBM z/OS system administrator must develop a procedure to notify designated personnel if baseline configurations are changed in an unauthorized manner. |
☐ | SV-223575r533198_rule | IBM z/OS must employ a session manager that conceals, via the session lock, information previously visible on the display with a publicly viewable image. |
☐ | SV-223576r533198_rule | IBM z/OS must employ a session manager to manage session lock after a 15-minute period of inactivity. |
☐ | SV-223577r533198_rule | IBM z/OS System Administrator must develop a procedure to automatically remove or disable temporary user accounts after 72 hours. |
☐ | SV-223578r533198_rule | IBM z/OS system administrator must develop a procedure to automatically remove or disable emergency accounts after the crisis is resolved or 72 hours. |
☐ | SV-223579r533198_rule | IBM z/OS system administrator must develop a procedure to notify system administrators and ISSOs of account enabling actions. |
☐ | SV-223580r533198_rule | IBM z/OS system administrator must develop a procedure to terminate all sessions and network connections related to nonlocal maintenance when nonlocal maintenance is completed. |
☐ | SV-223581r533198_rule | IBM z/OS system administrator must develop a procedure to remove all software components after updated versions have been installed. |
☐ | SV-223582r533198_rule | IBM z/OS system administrator must develop a procedure to shut down the information system, restart the information system, and/or notify the system administrator when anomalies in the operation of any security functions are discovered. |
☐ | SV-223583r533198_rule | IBM z/OS must employ a session manager configured for users to directly initiate a session lock for all connection types. |
☐ | SV-223584r533198_rule | ACF2 system administrator must develop a procedure to disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity. |
☐ | SV-223585r533198_rule | IBM z/OS system administrator must develop a procedure to offload SMF files to a different system or media than the system being audited. |
☐ | SV-223586r533198_rule | IBM z/OS SMF recording options for the SSH daemon must be configured to write SMF records for all eligible events. |
☐ | SV-223587r533198_rule | IBM z/OS SSH daemon must be configured with the Department of Defense (DoD) logon banner. |
☐ | SV-223588r533198_rule | IBM z/OS SSH daemon must be configured to only use the SSHv2 protocol. |
☐ | SV-223589r533198_rule | IBM z/OS SSH daemon must be configured to use a FIPS 140-2 compliant cryptographic algorithm. |
☐ | SV-223590r533198_rule | IBM z/OS permission bits and user audit bits for HFS objects that are part of the Syslog daemon component must be configured properly. |
☐ | SV-223591r533198_rule | IBM z/OS Syslog daemon must be started at z/OS initialization. |
☐ | SV-223592r533198_rule | IBM z/OS Syslog daemon must be properly defined and secured. |
☐ | SV-223593r533198_rule | IBM z/OS DFSMS resource class(es) must be defined to the GSO CLASMAP record in accordance with security requirements. |
☐ | SV-223594r533198_rule | IBM z/OS DFSMS Program Resources must be properly defined and protected. |
☐ | SV-223595r533198_rule | IBM z/OS DFSMS control data sets must be protected in accordance with security requirements. |
☐ | SV-223596r533198_rule | IBM z/OS DFSMS resource class(es) must be defined to the GSO SAFDEF record in accordance with security requirements. |
☐ | SV-223597r533198_rule | IBM z/OS DFSMS resources must be protected in accordance with the proper security requirements. |
☐ | SV-223598r533198_rule | IBM z/OS using DFSMS must properly specify SYS(x).PARMLIB(IGDSMSxx), SMS parameter settings. |
☐ | SV-223599r533198_rule | IBM z/OS PROFILE.TCPIP configuration statements for the TCP/IP stack must be coded properly. |
☐ | SV-223600r533198_rule | IBM z/OS must be configured to restrict all TCP/IP ports to ports, protocols, and/or services as defined in the PPSM CAL and vulnerability assessments. |
☐ | SV-223601r533198_rule | IBM z/OS TCP/IP resources must be properly protected. |
☐ | SV-223602r533198_rule | IBM z/OS permission bits and user audit bits for HFS objects that are part of the Base TCP/IP component must be configured properly. |
☐ | SV-223603r533198_rule | IBM z/OS data sets for the Base TCP/IP component must be properly protected. |
☐ | SV-223604r533198_rule | IBM z/OS Configuration files for the TCP/IP stack must be properly specified. |
☐ | SV-223605r533198_rule | IBM z/OS Started tasks for the Base TCP/IP component must be defined in accordance with security requirements. |
☐ | SV-223606r533198_rule | IBM z/OS PROFILE.TCPIP configuration statement must include SMFPARMS and/or SMFCONFIG statement for each TCP/IP stack. |
☐ | SV-223607r533198_rule | IBM z/OS TCPIP.DATA configuration statement must contain the DOMAINORIGIN or DOMAIN specified for each TCP/IP defined. |
☐ | SV-223608r533198_rule | IBM z/OS PROFILE.TCPIP configuration INACTIVITY statement must be configured to 900 seconds. |
☐ | SV-223609r533198_rule | IBM z/OS SMF recording options for the TN3270 Telnet Server must be properly specified. |
☐ | SV-223610r533198_rule | IBM z/OS SSL encryption options for the TN3270 Telnet Server must be specified properly for each statement that defines a SECUREPORT or within the TELNETGLOBALS. |
☐ | SV-223611r533198_rule | IBM z/OS TN3270 Telnet Server configuration statement MSG10 text must have the Standard Mandatory DoD Notice and Consent Banner. |
☐ | SV-223612r533198_rule | IBM z/OS warning banner for the TN3270 Telnet Server must be properly specified. |
☐ | SV-223613r533198_rule | IBM z/OS VTAM session setup controls for the TN3270 Telnet Server must be properly specified. |
☐ | SV-223614r533198_rule | IBM z/OS PROFILE.TCPIP configuration for the TN3270 Telnet Server must have INACTIVE statement properly specified. |
☐ | SV-223615r533198_rule | IBM z/OS TSOAUTH resources must be restricted to authorized users. |
☐ | SV-223616r533198_rule | IBM z/OS UNIX SUPERUSER resource must be protected in accordance with guidelines. |
☐ | SV-223617r533198_rule | IBM z/OS UNIX security parameters in etc/profile must be properly specified. |
☐ | SV-223618r533198_rule | IBM z/OS UNIX security parameters in /etc/rc must be properly specified. |
☐ | SV-223619r561301_rule | IBM z/OS UNIX resources must be protected in accordance with security requirements. |
☐ | SV-223620r533198_rule | IBM z/OS UNIX MVS HFS directory(s) with other write permission bit set must be properly defined. |
☐ | SV-223621r533198_rule | IBM z/OS BPX resource(s) must be protected in accordance with security requirements. |
☐ | SV-223622r533198_rule | IBM z/OS UNIX SYSTEM FILE SECURITY SETTINGS must be properly protected or specified. |
☐ | SV-223623r533198_rule | IBM z/OS UNIX MVS data sets with z/OS UNIX components must be properly protected. |
☐ | SV-223624r533198_rule | IBM z/OS UNIX MVS data sets or HFS objects must be properly protected. |
☐ | SV-223625r533198_rule | IBM z/OS UNIX HFS permission bits and audit bits for each directory must be properly protected. |
☐ | SV-223626r533198_rule | IBM z/OS UNIX MVS data sets used as step libraries in /etc/steplib must be properly protected. |
☐ | SV-223627r533198_rule | IBM z/OS UNIX SYSTEM FILE SECURITY SETTINGS must be properly protected or specified. |
☐ | SV-223628r533198_rule | IBM z/OS UNIX HFS permission bits and audit bits for each directory must be properly protected or specified. |
☐ | SV-223629r533198_rule | IBM z/OS UNIX OMVS parameters in PARMLIB must be properly specified. |
☐ | SV-223630r533198_rule | IBM z/OS UNIX HFS MapName files security parameters must be properly specified. |
☐ | SV-223631r533198_rule | IBM z/OS UNIX BPXPRMxx security parameters in PARMLIB must be properly specified. |
☐ | SV-223632r533198_rule | IBM z/OS User exits for the FTP Server must not be used without proper approval and documentation. |
☐ | SV-223633r695457_rule | IBM z/OS UNIX security parameters for restricted network service(s) in /etc/inetd.conf must be properly specified. |
☐ | SV-223634r533198_rule | IBM z/OS user account for the z/OS UNIX SUPERUSER userid must be properly defined. |
☐ | SV-223635r533198_rule | IBM z/OS UNIX user accounts must be properly defined. |
☐ | SV-223636r533198_rule | IBM z/OS UNIX groups must be defined with a unique GID. |
☐ | SV-223637r533198_rule | IBM z/OS Attributes of z/OS UNIX user accounts must have a unique GID in the range of 1-99. |
☐ | SV-223638r533198_rule | IBM z/OS Attributes of UNIX user accounts used for account modeling must be defined in accordance with security requirements. |
☐ | SV-223639r533198_rule | IBM z/OS startup user account for the z/OS UNIX Telnet Server must be defined properly. |
☐ | SV-223640r533198_rule | IBM z/OS HFS objects for the z/OS UNIX Telnet Server must be properly protected. |
☐ | SV-223641r560914_rule | IBM z/OS UNIX Telnet Server etc/banner file must have the Standard Mandatory DoD Notice and Consent Banner. |
☐ | SV-223642r533198_rule | IBM z/OS UNIX Telnet Server warning banner must be properly specified. |
☐ | SV-223643r533198_rule | IBM z/OS UNIX Telnet Server Startup parameters must be properly specified to display the banner. |
☐ | SV-223644r533198_rule | IBM z/OS System data sets used to support the VTAM network must be properly secured. |
☐ | SV-223645r533198_rule | IBM z/OS VTAM USSTAB definitions must not be used for unsecured terminals. |