z/OS IBM CICS Transaction Server for TSS Security Technical Implementation Guide

Overview

Version	Date	Finding Count (9)			Downloads
V7R2	2025-09-28	CAT I (High): 0	CAT II (Medium): 9	CAT III (Low): 0	Excel ↓JSON ↓XML ↓

STIG Description

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Classified	Public	Sensitive
I - Mission Critical Classified	I - Mission Critical Public	I - Mission Critical Sensitive
II - Mission Support Classified	II - Mission Support Public	II - Mission Support Sensitive
III - Administrative Classified	III - Administrative Public	III - Administrative Sensitive

Findings - MAC I - Mission Critical Public

Finding ID	Title	Description
V-224729	CICS system data sets are not properly protected.	CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Unauthorized access to CIC...
V-224730	Sensitive CICS transactions are not protected in accordance with security requirements.	Sensitive CICS transactions offer the ability to circumvent transaction level controls for accessing resources under CICS. These transactions must be ...
V-224731	CICS System Initialization Table (SIT) parameter values must be specified in accordance with proper security requirements.	The CICS SIT is used to define system operation and configuration parameters of a CICS system. Several of these parameters control the security within...
V-224732	CICS region logonid(s) must be defined and/or controlled in accordance with the security requirements.	CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Improperly defined or cont...
V-224733	CICS default logonid(s) must be defined and/or controlled in accordance with the security requirements.	CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Improperly defined or cont...
V-224734	CICS logonid(s) must be configured with proper timeout and signon limits.	CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Improperly defined or cont...
V-224735	IBM CICS Transaction Server SPI command resources must be properly defined and protected.	IBM CICS Transaction Server can run with sensitive system privileges, and potentially can circumvent system controls. Failure to properly control acce...
V-224736	CICS userids are not defined and/or controlled in accordance with proper security requirements.	CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Improperly defined or cont...
V-224737	Control options for the Top Secret CICS facilities must meet minimum requirements.	TSS CICS facilities define the security controls in effect for CICS regions. Failure to code the appropriate values could result in degraded security....