ROSCOE configuration/parameter values are not specified properly.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-225605 | SRG-OS-000018 | ZROST040 | SV-225605r1070314_rule | 2025-03-05 | 7 |
| Description |
|---|
| Product configuration/parameters control the security and operational characteristics of products. If these parameter values are improperly specified, security and operational controls may be weakened. This exposure may threaten the availability of the product applications, and compromise the confidentiality of customer data. |
| ℹ️ Check |
|---|
| Have the product system programmer display the configuration/parameter control statements used in the current running product to define or enable security. This information is located in the SYSIN DD statement in the JCL of the STC/Batch job. Automated Analysis Refer to the following report produced by the z/OS Data Collection: - PDI(ZROS0040) Verify the following specifications: Keyword Value EXTSEC TSS ACFEXT YES CLLEXT YES JOBEXT YES LIBEXT YES MONEXT YES PRVEXT YES RPFEXT YES UPSEXT YES If the above is true, this is not a finding. If the above is untrue, this is a finding. |
| ✔️ Fix |
|---|
| The product system programmer will verify that any configuration/parameters that are required to control the security of the product are properly configured and syntactically correct. Refer to the required parameters below: Example Keyword Value EXTSEC TSS ACFEXT YES CLLEXT YES JOBEXT YES LIBEXT YES MONEXT YES PRVEXT YES RPFEXT YES UPSEXT YES |