V-224449
SV-224449r1144668_rule
CAT II
CA 1 Tape Management user exits, when in use, must be reviewed and/or approved.
From: z/OS CA 1 Tape Management for RACF Security Technical Implementation Guide (V7R2)
Description
<VulnDiscussion>CA-1 Tape Management user exits, TMSUXnA and TMSUXnS, provide the capability to bypass or modify existing ACP controls. A review and evaluation of exit code must be performed to ensure that the integrity of the CA-1 processing environment is kept intact. Unauthorized usage of these exits may compromise the confidentiality and integrity of customer data.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
Check Procedure
Refer to the following report produced by the z/OS Data Collection:
- CA1RPT(TMSCKLVL).
Determine if CA 1 user exits, TMSUXnA and TMSUXnS (for r11.5 and below) or TMSXITA and TMSXITS (for r12.0 and above) are active.
If both CA 1 user exits are not found, this is not a finding.
If one or both user exits are installed and the following requirements are true, this is not a finding:
The usage and function of the user exit(s) is fully documented.
The use of the user exit(s) is approved.
All associated documentation is on file with the ISSO.
Fix Text
Ensure that the site ISSO has reviewed, evaluated, and approved the usage of CA 1 user exits, TMSUXnA and TMSUXnS (for r11.5 and below) or TMSXITA and TMSXITS (for r12.0 and above). If one or both user exits are installed and the following requirements will be followed:
The usage and function of the user exit(s) is fully documented.
The use of the user exit(s) is approved.
All associated documentation is on file with the ISSO.
CCI Reference
CCI-001744- Created
- 2026-04-07 20:08:43
- Last Updated
- 2026-04-07 20:08:43