← Back to z/OS IBM CICS Transaction Server for ACF2 Security Technical Implementation Guide

V-224310

CAT II (Medium)

CICS startup JCL statement is not specified in accordance with the proper security requirements.

Rule ID

SV-224310r1141396_rule

STIG

z/OS IBM CICS Transaction Server for ACF2 Security Technical Implementation Guide

Version

V7R2

CCIs

CCI-000366

Discussion

The CICS SIT is used to define system operation and configuration parameters of a CICS system. Several of these parameters control the security within a CICS region. Failure to code the appropriate values could result in unexpected operations and degraded security. This exposure may result in unauthorized access impacting the confidentiality, integrity, and availability of the CICS region, applications, and customer data.

Check Content

Refer to the following report produced by the z/OS Data Collection:

- EXAM.RPT(CICSPROC).

Refer to the CICS Systems Programmer Worksheets filled out from previous vulnerability ZCIC0010.

If every CICS region on the system has the ACF2PARM DD statement in the CICS startup JCL, this is not a finding.

Fix Text

The ISSO will ensure that each CICS region procedure has the ACF2/CICS parameter dataset specified.

Ensure every CICS region on the system has the ACF2PARM DD statement in the CICS startup JCL.

View the started task proc for each CICS region in SYS3.PROCLIB using ISPF.