| V-259728 | | Access to IBM Security zSecure installation data sets must be properly restricted and logged. | If the zSecure application were to allow any user to make changes to software libraries, those changes might be implemented without undergoing the app... |
| V-259729 | | Access to IBM Security zSecure STC data sets must be properly restricted and logged. | IBM Security zSecure STCs have the ability to use privileged functions and/or have access to sensitive data. Failure to properly restrict access to the... |
| V-259730 | | Access to IBM Security zSecure user data sets must be properly restricted and logged. | If zSecure were to allow inappropriate reading or updating of user data sets, sensitive information could be disclosed, or changes might result in inc... |
| V-259731 | | Started tasks for IBM Security zSecure products must be properly defined. | Started tasks and batch job IDs can be automatically revoked accidentally if not properly protected. When properly protected, STCs prevent any attempts... |
| V-259732 | | Access to IBM Security zSecure program resources must be limited to authorized users. | Functional access (which is controlled with access to XFACILIT profiles) must not commingle multiple functions under a single resource profile.... |
| V-259733 | | IBM Security zSecure must prevent nonprivileged users from executing privileged zSecure functions. | Preventing nonprivileged users from executing privileged zSecure functions mitigates the risk that unauthorized individuals or processes may gain unne... |
| V-259734 | | The IBM Security zSecure programs CKFCOLL and CKGRACF, and the APF-authorized version of program CKRCARLA, must be restricted to security administrators, security batch jobs performing External Security Manager (ESM) maintenance, auditors, and systems programmers, and must be audited. | Users authorized to use the zSecure program CKFCOLL can collect z/OS system information that is not accessible to regular users. Users authorized to... |
| V-259735 | | IBM Security zSecure must implement organization-defined automated security responses if baseline zSecure configurations are changed in an unauthorized manner. | Unauthorized changes to the zSecure baseline configuration could make the system vulnerable to various attacks or allow unauthorized access to the sys... |
| V-259736 | | IBM Security zSecure must remove all upgraded/replaced zSecure software components that are no longer required for operation after updated versions have been installed. | Previous versions of zSecure products and components that are not removed from the information system after updates have been installed may be exploit... |
| V-259737 | | IBM Security zSecure system administrators must install security-relevant zSecure software updates within the time period directed by an authoritative source (e.g., IAVMs, CTOs, DTMs, and STIGs). | Security flaws with software applications are discovered daily. Vendors are constantly updating and patching their products to address newly discovere... |
| V-259738 | | XFACILIT class, or alternate class if specified in module CKRSITE, must be active. | The zSecure resource class that is configured for the zSecure access checks must be active to receive valid Allow/Deny responses from external securit... |