Skip to main content
CUI

STIG Rule - V-224409

Back to STIG Browser

V-224409

SV-224409r1144801_rule

CAT II

BMC CONTROL-O security exits are not installed or configured properly.

From: z/OS BMC CONTROL-O for RACF Security Technical Implementation Guide (V7R2)

Description

<VulnDiscussion>The BMC CONTROL-O security exits enable access authorization checking to BMC CONTROL-O commands, features, and online functionality. If these exit(s) is (are) not in place, activities by unauthorized users may result. BMC CONTROL-O security exit(s) interface with the Access Control Program (ACP). If an unauthorized exit was introduced into the operating environment, system security could be weakened or bypassed. These exposures may result in the compromise of the operating system environment, ACP, and customer data.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

Check Procedure

Interview the systems programmer responsible for the BMC CONTROL-O. Determine if the site has modified the following security exit(s): CTOSE01 CTOSE02 CTOSE03 CTOSE04 CTOSE08 CTOSE10 CTOSE15 Verify the above security exit(s) has (have) not been modified. If the above security exit(s) has (have) been modified, verify that the security exit(s) has (have) been approved by the site systems programmer and the approval is on file for examination.

Fix Text

The system programmer responsible for the BMC CONTROL-O will review the BMC CONTROL-O operating environment. Ensure that the following security exit(s) is (are) installed properly. Determine if the site has modified the following security exit(s): CTOSE01 CTOSE02 CTOSE03 CTOSE04 CTOSE08 CTOSE10 CTOSE15 Ensure that the security exit(s) has (have) not been modified. If the security exit(s) has (have) been modified, ensure the security exit(s) has (have) been checked as to not violate any security integrity within the system and approval documentation is on file.

CCI Reference

CCI-001744
Created
2026-04-07 20:08:42
Last Updated
2026-04-07 20:08:42
Back to Browse
CUI