National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Vanguard Administrator and Analyzer z/OS RACF Checklist for completing an SRR audit manually. Version 6.33 6.33 - PDF Version Checklist Details (Checklist Revisions)

Supporting Resources:

Target:

Target CPE Name
IBM RACF cpe:/a:ibm:racf (View CVEs)
IBM z/OS Version 1 Release 10 cpe:/o:ibm:z%2fos:1.10 (View CVEs)
IBM z/OS Version 1 Release 11 cpe:/o:ibm:z%2fos:1.11 (View CVEs)
IBM z/OS Version 1 Release 12 cpe:/o:ibm:z%2fos:1.12 (View CVEs)
IBM Z/OS Version 1, Release 9 cpe:/o:ibm:z%2fos:1.9 (View CVEs)
IBM z/OS Version 1 Release 13 cpe:/o:ibm:z%2fos (View CVEs)
IBM z/OS Version 2, Release 1 cpe:/o:ibm:z%2fos:2.1 (View CVEs)
IBM z/OS Version 2, Release 2 cpe:/o:ibm:z%2fos:2.2 (View CVEs)

Checklist Highlights

Checklist Name:
Vanguard Administrator and Analyzer z/OS RACF Checklist for completing an SRR audit manually. Version 6.33
Checklist ID:
768
Version:
6.33 - PDF Version
Type:
Compliance
Review Status:
Final
Authority:
Third Party: Vanguard Integrity Professionals, Inc.
Original Publication Date:
07/31/2017

Checklist Summary:

The purpose of this checklist is to provide z/OS environments utilizing the RACF security subsystem a method to execute a DOD DISA STIG checklist against the z/OS RACF platform using Vanguard Administrator and Vanguard Analyzer. This checklist is a more time and labor intensive manual process as compared to the process available via the z/OS STIG RACF Checklist which uses the Vanguard Configuration Manager Product.

Checklist Role:

  • Operating System

Known Issues:

Not provided

Target Audience:

z/OS RACF Security Personnel with systems programming knowledge or the ability to find some of the target datasets on their system (PROCLIBs, Parmlibs, APF list, etc.).

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

z/OS 1.11,1.12 ,1.13, 2.1, 2.2 and 2.3

Regulatory Compliance:

Department of Defense (DOD) 8500

Comments/Warnings/Miscellaneous:

Not provided

Disclaimer:

Not provided

Product Support:

Vendor will accept support calls.

Point of Contact:

Customer.support@go2vanguard.com

Sponsor:

Vanguard Integrity Professionals, Inc.

Licensing:

Copyrighted, royalty free license to use.

Change History:

Changed status from "under review" to "final" - 08 September 2015
updated to DISA STIG level 6.24
Updated status from "Under Review" to "Final" - 30 June 2015
Checklists updated for DISA 6.16 STIGS release
Checklists updated in conjunction with DISA 6.17 release of the zOS RACF STIGS on Oct 26,2013
Updated for version 6.18
Updated to version DOD DISA STIG 6.19
Updated to DOD DISA 6.20
Updated to 6.21
Changed Status to "Final" - 14 January 2015
Update to 6.25
Changed status from "Under Review" to "Final" - 30 December 2015
Updated to DISA Stigs 6.26
Promote to Final
changed to FINAL - 5/5/2016
changes for 6.27
Promoted to Final - 7/8/2016
Updated to 6.28
Update to FINAL - 10/26/16
Updated to 6.29
Updated to FINAL - 02/13/2017
Added 6.30 changes
Updated to 6.31
Updated to FINAL - 06/27/2017
Updated to 6.32
Updated to FINAL - 10/3/2017
Changed from 32 to 33
added Z/OS 2.3 to general
Updated to FINAL - 12/20/2017
Updated URLs per Vanguard - 8/20/19

Dependency/Requirements:

URL Description
https://public.cyber.mil/ DISA STIG webpage

References:

Reference URL Description

NIST checklist record last modified on 08/20/2019