OpenControls Logo

STIG Viewer

z/OS Front End Processor for RACF Security Technical Implementation Guide

Overview

VersionDateFinding Count (5)Downloads
72024-12-16CAT I (High): 0CAT II (Medium): 5CAT III (Low): 0
Excel ↓JSON ↓XML ↓
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.
ClassifiedPublicSensitive
I - Mission Critical ClassifiedI - Mission Critical PublicI - Mission Critical Sensitive
II - Mission Support ClassifiedII - Mission Support PublicII - Mission Support Sensitive
III - Administrative ClassifiedIII - Administrative PublicIII - Administrative Sensitive

Findings - All

Finding IDSeverityTitleDescription
V-224483
LOWMEDIUMHIGH
All hardware components of the FEPs are not placed in secure locations where they cannot be stolen, damaged, or disturbedIf components of the FEPs are not properly protected they can be stolen, damaged, or disturbed. Without adequate physical security, unauthorized user...
V-224485
LOWMEDIUMHIGH
A documented procedure is not available instructing how to load and dump the FEP NCP (Network Control Program).If components of the FEPs are not properly protected they can be stolen, damaged, or disturbed. Without adequate physical security, unauthorized user...
V-224486
LOWMEDIUMHIGH
An active log is not available to keep track of all hardware upgrades and software changes made to the FEP (Front End Processor).If components of the FEPs are not properly protected they can be stolen, damaged, or disturbed. Without adequate physical security, unauthorized user...
V-224487
LOWMEDIUMHIGH
NCP (Net Work Control Program) Data set access authorization does not restricts UPDATE and/or ALLOCATE access to appropriate personnel.If components of the FEPs are not properly protected they can be stolen, damaged, or disturbed. Without adequate physical security, unauthorized user...
V-224488
LOWMEDIUMHIGH
A password control is not in place to restrict access to the service subsystem via the operator consoles (local and/or remote) and a key-lock switch is not used to protect the modem supporting the remote console of the service subsystem.If components of the FEPs are not properly protected they can be stolen, damaged, or disturbed. Without adequate physical security, unauthorized user...