z/OS IBM CICS Transaction Server for RACF Security Technical Implementation Guide
Overview
| Version | Date | Finding Count (9) | Downloads | ||
| V7R2 | 2025-09-27 | CAT I (High): 0 | CAT II (Medium): 9 | CAT III (Low): 0 | |
| STIG Description |
| This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil. |
Findings - MAC II - Mission Support Public
| Finding ID | Severity | Title | Description |
|---|---|---|---|
| V-224492 | CICS system data sets are not properly protected. | CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Unauthorized access to CIC... | |
| V-224493 | Sensitive CICS transactions are not protected in accordance with security requirements. | Sensitive CICS transactions offer the ability to circumvent transaction-level controls for accessing resources under CICS. These transactions must be ... | |
| V-224494 | CICS System Initialization Table (SIT) parameter values must be specified in accordance with proper security requirements. | The CICS SIT is used to define system operation and configuration parameters of a CICS system. Several of these parameters control the security within... | |
| V-224495 | CICS region logonid(s) must be defined and/or controlled in accordance with the security requirements. | CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Improperly defined or cont... | |
| V-224496 | CICS default logonid(s) must be defined and/or controlled in accordance with the security requirements. | CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. An improperly defined or c... | |
| V-224497 | CICS logonid(s) must have timeout limit set to 15 minutes. | CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Improperly defined or cont... | |
| V-224498 | IBM CICS Transaction Server SPI command resources must be properly defined and protected. | IBM CICS Transaction Server can run with sensitive system privileges, and potentially can circumvent system controls. Failure to properly control acce... | |
| V-224499 | External RACF Classes are not active for CICS transaction checking. | Implement CICS transaction security by utilizing two distinct and unique RACF resource classes (i.e., member and grouping) within each CICS region. If... | |
| V-224500 | CICS regions are improperly protected to prevent unauthorized propagation of the region userid. | CICS is a transaction-processing product that provides programmers with the facilities to develop interactive applications. Improperly defined or cont... |