Documentation - V-223915

Title

CA-TSS must limit all system PROCLIB data sets to system programmers only and appropriate authorized users.

Description

<VulnDiscussion>To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD systems (e.g., web servers and web portals) must be properly configured to incorporate access control methods that do not rely solely on the possession of a certificate for access. Successful authentication must not automatically give an entity access to an asset or security boundary. Authorization procedures and controls must be implem...

Fix Text (Documentation Requirement)

Configure ESM data set rules to restrict all WRITE and/or greater access to all PROCLIBs referenced in the Master JCL and JES2 or JES3 procedure for started tasks (STCs) and TSO logons to systems programming personnel only. Suggestion on how to update system to be compliant with this vulnerability: NOTE: All examples are only examples and may not reflect your operating environment. Obtain only the PROCLIB data sets that contain STC and TSO procedures. The data sets to be reviewed are obtained using the following steps: -All data sets contained in the MSTJCLxx member in the DD statement concatenation for IEFPDSI and IEFJOBS. -The data set in the PROCxx DD statement concatenation that are within the JES2 procedure or identified in the JES2 dynamic PROCLIB definitions. The specific PROCxx...