diff --git a/benchmarks/DISA/U_IBM_zSecure_Suite_STIG_V1R1_Manual-xccdf.xml b/benchmarks/DISA/U_IBM_zSecure_Suite_STIG_V1R1_Manual-xccdf.xml
new file mode 100644
index 000000000..3bcc535d5
--- /dev/null
+++ b/benchmarks/DISA/U_IBM_zSecure_Suite_STIG_V1R1_Manual-xccdf.xml
@@ -0,0 +1,370 @@
+acceptedIBM zSecure Suite Security Technical Implementation GuideThis Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.DISASTIG.DOD.MILRelease: 1 Benchmark Date: 07 Feb 20243.4.1.229161.10.01I - Mission Critical Classified<ProfileDescription></ProfileDescription>I - Mission Critical Public<ProfileDescription></ProfileDescription>I - Mission Critical Sensitive<ProfileDescription></ProfileDescription>II - Mission Support Classified<ProfileDescription></ProfileDescription>II - Mission Support Public<ProfileDescription></ProfileDescription>II - Mission Support Sensitive<ProfileDescription></ProfileDescription>III - Administrative Classified<ProfileDescription></ProfileDescription>III - Administrative Public<ProfileDescription></ProfileDescription>III - Administrative Sensitive<ProfileDescription></ProfileDescription>SRG-APP-000023-MFP-000033<GroupDescription></GroupDescription>ZSEC-00-000020The IBM Security zSecure Suite products must use an external security manager (RACF, ACF2, or TSS) for all account management functions.<VulnDiscussion>Enterprise environments make application account management challenging and complex. A manual process for account management functions adds the risk of a potential oversight or other error.
+
+A comprehensive application account management process that includes automation helps to ensure accounts designated as requiring attention are consistently and promptly addressed. Examples include but are not limited to using automation to take action on multiple accounts designated as inactive, suspended, or terminated or by disabling accounts in noncentralized account stores, such as multiple servers. This requirement applies to all account types, including individual/user, shared, group, system, guest/anonymous, emergency, developer/manufacturer/vendor, temporary, and service.
+
+The application must be configured to automatically provide account management functions, and these functions must immediately enforce the organization's current account policy. The automated mechanisms may reside within the application or be offered by the operating system or other infrastructure providing automated account management capabilities. Automated mechanisms may be composed of differing technologies that when placed together contain an overall automated mechanism supporting an organization's automated account management requirements.
+
+Account management functions include assignment of group or role membership; identifying account type; specifying user access authorizations (i.e., privileges); account removal, update, or termination; and administrative alerts. The use of automated mechanisms can include, for example, using email or text messaging to automatically notify account managers when users are terminated or transferred, using the information system to monitor account usage, and using automated telephonic notification to report atypical system account usage.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target IBM zSecure SuiteDISADPMS TargetIBM zSecure Suite5574CCI-000015Ensure READ access to zSecure functional resources is restricted to the appropriate staff members.
+
+READ access can be given to security administrators (domain level and decentralized), security batch jobs that perform ESM maintenance, and trusted STC users.
+
+The following commands are provided as a sample for implementing zSecure functional resource controls:
+
+rdef xfacilit resource_profile_protecting_zSecure_CKF_ resource uacc(none) owner(zSecure owner)
+pe resource_profile_protecting_zSecure_CKF_ resource class(XFACILIT) id(SECAAUDT, SECBAUDT, SECDAUDT, TSTCAUDT) access(READ)
+
+rdef xfacilit CKNADMIN.TONODE.<node-name> uacc(none) owner(zSecure owner)
+pe CKNADMIN.TONODE.<node-name> class(xfacilit) id(SECAAUDT, SECBAUDT, SECDAUDT, TSTCAUDT) access(READ)
+
+rdef xfacilit CKNADMIN.FROMNODE.<node-name> uacc(none) owner(zSecure owner)
+pe CKNADMIN.FROMNODE.<node-name> class(xfacilit) id(SECAAUDT, SECBAUDT, SECDAUDT, TSTCAUDT) access(READ)
+
+rdef xfacilit CKNDSN.<dstype>.<node-name>.<systemname>.ACTIVE uacc(none) owner(zSecure owner)
+rdef xfacilit CKNDSN.<dstype>.<node-name>.<systemname>.BACKUP uacc(none) owner(zSecure owner)
+rdef xfacilit CKNDSN.<dstype>.<node-name>.<systemname>.MANAGED uacc(none) owner(zSecure owner)
+rdef xfacilit CKNDSN.<dstype>.<node-name>.<systemname>.PRIMARY uacc(none) owner(zSecure owner)
+pe CKNDSN.<dstype>.<node-name>.<systemname>.ACTIVE class(xfacilit) id(SECAAUDT, SECBAUDT, SECDAUDT, TSTCAUDT) access(READ)
+pe CKNDSN.<dstype>.<node-name>.<systemname>.BACKUP class(xfacilit) id(SECAAUDT, SECBAUDT, SECDAUDT, TSTCAUDT) access(READ)
+pe CKNDSN.<dstype>.<node-name>.<systemname>.MANAGED class(xfacilit) id(SECAAUDT, SECBAUDT, SECDAUDT, TSTCAUDT) access(READ)
+pe CKNDSN.<dstype>.<node-name>.<systemname>.PRIMARY class(xfacilit) id(SECAAUDT, SECBAUDT, SECDAUDT, TSTCAUDT) access(READ)
+pe CKNDSN.<dstype>.<node-name>.<systemname>.ACTIVE class(xfacilit) id(AUDTAUDT) access(UPDATE)
+pe CKNDSN.<dstype>.<node-name>.<systemname>.BACKUP class(xfacilit) id(AUDTAUDT) access(UPDATE)
+pe CKNDSN.<dstype>.<node-name>.<systemname>.MANAGED class(xfacilit) id(AUDTAUDT) access(UPDATE)
+pe CKNDSN.<dstype>.<node-name>.<systemname>.PRIMARY class(xfacilit) id(AUDTAUDT) access(UPDATE)
+
+rdef xfacilit CKNDSN.<dstype>.<node-name>.<systemname>.CKRCMD uacc(none) owner(zSecure owner)
+pe CKNDSN.<dstype>.<node-name>.<systemname>.CKRCMD class(xfacilit) id(SECAAUDT, SECBAUDT, SECDAUDT, TSTCAUDT) access(READ)
+
+rdef xfacilit CKR.ACTION.** uacc(none) owner(zSecure owner)
+pe CKR.ACTION.** class(xfacilit) id(SYSPAUDT, SECAAUDT, SECBAUDT, SECDAUDT) access(READ)
+
+rdef xfacilit CKR.CKRCARLA.APF uacc(none) owner(zSecure owner)
+pe CKR.CKRCARLA.APF class(xfacilit) id(SECAUDT, SECBAUDT) access(READ)
+
+rdef xfacilit CKR.READALL uacc(none) owner(zSecure owner)
+pe CKR.READALL class(xfacilit) id(SECAAUDT, SECBAUDT, TSTCAUDT) access(READ)None of the zSecure functional profiles must allow general access by means of UACC(NONE), WARNING, or global access.
+
+Review profile(s) protecting CKF.** resources in XFACILIT class.
+
+If only profile CKF.** exists, this is a finding.
+
+If READ access to any other CKF.<focus> profiles is not restricted to security administrators, decentralized security administrators, batch jobs that perform External Security Manager (ESM) maintenance, and trusted STC users, this is a finding.
+
+Review profile(s) protecting CKN*.** resources in XFACILIT class.
+
+If only profile CKN*.** exists, this is a finding.
+
+If READ access to any other CKNADMIN.**, CKNDSN.** or CKNUMAP profiles is not restricted to security administrators (domain or decentralized), security batch jobs performing ESM maintenance, and trusted STC users, this is a finding.
+
+Review profile(s) protecting CKG.** resources in XFACILIT class.
+
+If only profile CKG.** exists, this is a finding.
+
+If READ access to any other CKG.CMD.**, CKG.RAC.**, CKG.SCHEDULE.**, CKG.SCP.**, CKG.UCAT.**, or CKG.USRDATA.** profiles is not restricted to security administrators (domain or decentralized), security batch jobs performing ESM maintenance, and trusted STC users, this is a finding.
+
+Review profile(s) protecting CKR.** resources in XFACILIT class.
+
+If only profile CKR.** exists, this is a finding.
+
+If READ access to any other CKR.ACTION.**, CKR.CKRCARLA.APF, CKR.CKXLOG.**, CKR.OPTION.**, or CKR.READALL profiles is not restricted to security administrators (domain or decentralized), security batch jobs performing ESM maintenance, and trusted STC users, this is a finding.
+
+Review profile(s) protecting C2R.** resources in XFACILIT class.
+
+If only profile C2R.** exists, this is a finding.
+
+If READ access to any other C2R.CLIENT.** or C2R.SERVER.ADMIN profiles is not restricted to security administrators (domain or decentralized), security batch jobs performing ESM maintenance, and trusted STC users, this is a finding.
+
+Review profile(s) protecting C2X.** resources in XFACILIT class.
+
+If only profile C2X.** exists, this is a finding.
+
+If UPDATE access to any other C2X.ICH* profile is not restricted to automated operation STCs/batch jobs or trusted STC users, this is a finding.SRG-APP-000133-MFP-000192<GroupDescription></GroupDescription>ZSEC-00-000040Access to zSecure installation data must be properly restricted and logged.<VulnDiscussion>If the zSecure application were to allow any user to make changes to software libraries, those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
+
+This requirement applies to applications with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs that execute with escalated privileges. Only qualified and authorized individuals must be allowed to obtain access to information system components to initiate changes, including upgrades and modifications.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target IBM zSecure SuiteDISADPMS TargetIBM zSecure Suite5574CCI-001499Ensure ALTER access to zSecure installation data sets is restricted to systems programmers, and all failures and successful UPDATE and higher access is logged.
+
+READ access can be permitted to auditors, security administrators (domain level and decentralized), batch jobs that perform ESM maintenance, and trusted STC users.
+
+The installing systems programmer will identify and document the product data sets and categorize them according to who will require UPDATE and higher access and if required that all successful UPDATE and higher access is logged. The installing systems programmer will identify if any additional groups need READ access for specific zSecure installation data sets, and once documented will work with the information system security officer (ISSO) to ensure they are properly restricted to the ESM active on the system.
+
+The following commands are provided as a sample for implementing zSecure installation data set controls:
+
+ad 'hlq.zsec.inst.dsn' uacc(none) owner(zSecure owner) -
+audit(success(update) failures(read))
+pe 'hlq.zsec.inst.dsn' id(AUDTAUDT, SECAAUDT, SECBAUDT, SECDAUDT, TSTCAUDT) access(READ)
+pe 'hlq.zsec.inst.dsn' id(SYSPAUDT) access(ALTER)Verify the accesses to zSecure installation data sets are properly restricted.
+
+- The RACF profile(s) protecting zSecure installation data sets must not allow general access by means of UACC, ID(*), WARNING, or global access.
+- The RACF profile(s) protecting zSecure installation data sets must restrict READ access to auditors, security administrators , decentralized security administrators, batch jobs that perform External Security Manager (ESM) maintenance, and trusted STC users.
+- The RACF profile(s) protecting zSecure installation data sets must restrict UPDATE and higher access to systems programmers.
+- All failures and successful UPDATE and higher access must be logged.
+
+If all of the above restrictions are true, this is not a finding.SRG-APP-000133-MFP-000193<GroupDescription></GroupDescription>ZSEC-00-000060Access to IBM Security zSecure STC data sets must be properly restricted and logged.<VulnDiscussion>IBM Security zSecure STC have the ability to use privileged functions and/or have access to sensitive data. Failure to properly restrict access to these zSecure STC data sets could result in violating the integrity of the base product, which could compromise the operating system or sensitive data.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target IBM zSecure SuiteDISADPMS TargetIBM zSecure Suite5574CCI-001499Ensure that READ and higher access to zSecure STC data sets is restricted to authorized users, and all failures and successful UPDATE and higher access is logged.
+Appropriate access can be permitted to auditors, decentralized security administrators, security administrators, automated operation STCs/batch jobs, batch jobs performing ESM maintenance, trusted STC users and systems programmers.
+
+The following commands are provided as a sample for implementing zSecure STC data set controls:
+
+ad 'hlq.zsec.alert.ckfreeze' uacc(none) owner(zSecure owner) -
+audit(success(update) failures(read))
+pe 'hlq.zsec.alert.ckfreeze' id(SYSPAUDT, TSTCAUDT) access(READ)
+ad 'hlq.zsec.access.monitor.dsn' uacc(none) owner(zSecure owner) -
+audit(success(UPDATE) failures(READ))
+pe 'hlq.zsec.access.monitor.dsn' id(AUDTAUDT, SECAAUDT, SECDAUDT, SECBAUDT) access(READ)
+pe 'hlq.zsec.access.monitor.dsn' id(SECBAUDT,
+access(UPDATE)
+pe 'hlq.zsec.access.monitor.dsn' id(SYSPAUDT, TSTCAUDT) access(ALTER)
+rdef logstrm LSName uacc(none) owner(zSecure owner) - audit(success(UPDATE) failures(read))
+pe LSName class(logstrm) id(AUDTAUDT, SECAAUDT, SECDAUDT) access(READ)
+pe LSName class(logstrm) id(CKXLOG, SECBAUDT, AUTOAUDT, SYSPAUDT) access(ALTER)
+rdef facility IXLSTR. <modelstrname> uacc(none) owner(zSecure owner) - audit(success(UPDATE) failures(READ))
+pe IXLSTR.<modelstrname> class(facility) id(SYSPAUDT, TSTCAUDT) access(ALTER)Verify that access to the zSecure STC data sets is properly restricted.
+
+If the following guidance is true, this is not a finding.
+
+- The RACF profiles protecting zSecure STC data sets do not allow general access by means of UACC, ID(*), WARNING, or global access.
+- READ and higher access to zAlert CKFREEZE data sets is restricted to trusted STC users and systems programmers.
+- READ access to Access Monitor output data sets is restricted to auditors, decentralized security administrators, security administrators, automated operation STCs/batch jobs, batch jobs performing ESM maintenance, trusted STC users, and systems programmers.
+- UPDATE access to Access Monitor output data sets is restricted to automated operation STCs/batch jobs, batch jobs performing ESM maintenance, trusted STC users, and systems programmers.
+- CONTROL and higher access to Access Monitor output data sets is restricted to trusted STC users and systems programmers.
+- All failures and successful UPDATE and higher access to zSecure STC data sets is logged.
+
+DASD-only CKXLOG log stream resources in the LOGSTRM class:
+- READ is restricted to security administrators, auditors, batch jobs performing ESM maintenance
+- ALTER restricted to CKXLOG task, system programmers, and batch jobs performing ESM maintenance
+* For Coupling-Facility CKXLOG log streams, the above applies in addition to checking the IXLSTR.model_structure_name profiles in the FACILITY class:
+- UPDATE and higher trusted STC users, and systems programmers.SRG-APP-000133-MFP-000194<GroupDescription></GroupDescription>ZSEC-00-000080IBM Security zSecure access to user data sets must be properly restricted and logged.<VulnDiscussion>If zSecure were to allow inappropriate reading or updating of user data sets, sensitive information could be disclosed, or changes might result in incorrect results reported by the product. Only qualified and authorized individuals must be allowed to create, read, update, and delete zSecure user data sets.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target IBM zSecure SuiteDISADPMS TargetIBM zSecure Suite5574CCI-001499The following commands are provided as a sample for implementing zSecure user data set controls:
+
+ad 'hlq.zsec.user.assert/ckfreeze/unload.dsn' uacc(none) owner(zSecure owner) -
+audit(success(update) failures(read))
+
+pe 'hlq.zsec.user.assert/ckfreeze/unload.dsn' id(AUDTAUDT, AUTOAUDT, SECAAUDT, SECDAUDT, SECBAUDT, TSTCAUDT) access(READ)
+
+pe 'hlq.zsec.user.assert/ckfreeze/unload.dsn' id(SECAAUDT, SECDAUDT, SECBAUDT, SYSPAUDT) access(ALTER)
+
+ad 'hlq.zsec.accmon.user.dsn' uacc(none) owner(zSecure owner) -
+audit(success(update) failures(read))
+
+pe 'hlq.zsec.accmon.user.dsn' id(AUDTAUDT, AUTOAUDT, SECAAUDT, SECDAUDT, SECBAUDT, TSTCAUDT) access(READ)
+
+pe 'hlq.zsec.accmon.user.dsn' id(AUTOAUDT, SECBAUDT, TSTCAUDT, SYSPAUDT) access(ALTER)
+ad ' hlq.zsec.user.ckcus*
+audit(success(UPDATE) failures(READ))
+
+pe 'hlq.zsec.user.ckcus*' id(AUDTAUDT, AUTOAUDT, SECAAUDT, SECDAUDT, SECBAUDT, TSTCAUDT) access(UPDATE)
+
+pe 'hlq.zsec.user.ckcus*' id(SYSPAUDT) access(ALTER)
+rdef logstrm LSName uacc(none) owner(zSecure owner) -
+audit(success(UPDATE) failures(read))
+
+pe LSName class(logstrm) id(AUDTAUDT, AUTOAUDT, SECAAUDT, SECDAUDT, TSTCAUDT, SYSPAUDT) access(READ)
+pe LSName class(logstrm) id(AUTOAUDT, TSTCAUDT, SYSPAUDT) access(ALTER)Verify the accesses to the zSecure user data sets are properly restricted. If the following guidance is true, this is not a finding.
+
+- The RACF profiles protecting zSecure user data sets do not allow general access by means of UACC, ID(*), WARNING, or global access.
+- READ access to ASSERTION, CKFREEZE, and UNLOAD data sets is restricted to auditors, automated operation STCs/batch jobs, decentralized security administrators, security administrators, batch jobs performing ESM maintenance, system programmers and trusted STC users.
+- UPDATE and higher access to ASSERTION, CKFREEZE, and UNLOAD data sets is restricted to decentralized security administrators, security administrators, batch jobs performing ESM maintenance, and system programmers.
+- All failures and successful UPDATE and higher access to ASSERTION, CKFREEZE, and UNLOAD data sets is logged.
+- READ access to Access Monitor output data sets is restricted to auditors, decentralized security administrators, security administrators, batch jobs performing ESM maintenance, automated operation STCs/batch jobs, and trusted STC users, and system programmers.
+- UPDATE and higher access to the Access Monitor output data sets is restricted to automated operation STCs/batch jobs, batch jobs performing ESM maintenance, trusted STC users, and system programmers.
+- All failed and all successful UPDATE and higher access to Access Monitor output data sets is logged.
+- READ access to CKACUST and CKACUSV data sets is restricted to auditors, batch jobs that perform ESM maintenance, decentralized security administrators, security administrators, automated operation STCs/batch jobs, trusted STC users, and systems programmers.
+- UPDATE access to CKACUST and CKACUSV data sets is restricted to decentralized security administrators, security administrators, automated operation STCs/batch jobs, batch jobs performing ESM maintenance, trusted STC users, and systems programmers.
+- CONTROL and higher access to CKACUST and CKACUSV data sets is restricted to systems programmers.
+- All failed and all successful UPDATE and higher access to CKACUST and CKACUSV data sets is logged.
+- READ access to CKXLOG log stream is restricted to auditors, decentralized security administrators, security administrators, automated operation STCs/batch jobs, trusted STC users, and system programmers.
+- UPDATE and higher access to CKXLOG log stream is restricted to automated operation STCs/batch jobs, trusted STC users, and system programmers.
+- All failed access to CKXLOG log stream is logged.SRG-APP-000148-MFP-000206<GroupDescription></GroupDescription>ZSEC-00-000100Started tasks for zSecure products must be properly defined.<VulnDiscussion>Started tasks and batch job IDs can be automatically revoked accidentally if not properly protected. When properly protected STCs prevent any attempts to log on with a password, it eliminates the possibility of revocation due to excessive invalid password attempts (denial of service).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target IBM zSecure SuiteDISADPMS TargetIBM zSecure Suite5574CCI-000764Ensure user IDs assigned to zSecure started tasks and scheduled batch jobs are assigned the PROTECTED attribute and/or defined as a STC.
+
+The following command is provided as a sample for adding the PROTECTED attribute.
+
+- ALTUSER <stuser> NOPASSWORD NOPHRASE
+- ALTUSER <batch user ID> NOPASSWORD NOPHRASEIf user IDs assigned to zSecure started tasks and scheduled batch jobs are not assigned the PROTECTED attribute and/or defined as an STC, this is a finding.
+
+The default zSecure STC names (that may be changed by installation) are as follows:
+
+- STC C2PACMON runs program C2PACMON.
+- STC C2POLICE runs program C2POLICE.
+- STC C2PCOLL runs program CKFCOLL. (CKFCOLL is also run as a step in batch jobs.)
+- STC C2RSERVE runs program BPXBATCH.
+- STC CKCS1154 runs program CKCS1154.
+- STC CKNSERVE runs program CKNSERVE.
+- STC CKCCEF runs program CKRCARLX.
+- STC CKQCLEEF runs program CKRCARLX.
+- STC CKQEXSMF runs program CKQEXSMF.
+- STC CKQRADAR runs program CKRCARLA.
+- STC CKXLOG runs program CKXLOG.
+
+Verify the naming conventions for the zSecure STCs and batch jobs with the responsible systems programmers.
+
+Check which user IDs are assigned in the STDATA segment of the zSecure STCs. For these user IDs, verify they are assigned the PROTECTED attribute.SRG-APP-000211-MFP-000283<GroupDescription></GroupDescription>ZSEC-00-000120Access to IBM Security zSecure program resources must be limited to authorized users.<VulnDiscussion>Functional access (which is controlled with access to XFACILIT profiles) must not commingle multiple functions under a single resource profile.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target IBM zSecure SuiteDISADPMS TargetIBM zSecure Suite5574CCI-001082Ensure READ and higher access to zSecure program resources is restricted to the appropriate staff members.
+
+READ and higher access can be given to security administrators, decentralized security administrators, security batch jobs that perform ESM maintenance, and trusted STC users.
+
+The following commands are provided as a sample for implementing zSecure functional resource controls:
+rdef CKF.<focus> uacc(none) owner(zSecure owner)
+pe CKF.<focus> class(XFACILIT) id(SECAAUDT, SECBAUDT, SECDAUDT, TSTCAUDT) access(READ)
+rdef xfacilit CKNADMIN.<type>.<node-name> uacc(none) owner(zSecure owner)
+pe CKNADMIN.<type>.<node-name> class(xfacilit) id(SECAAUDT, SECBAUDT, SECDAUDT, TSTCAUDT) access(READ)
+rdef xfacilit CKNDSN.<dstype>.<node-name>.<systemname>.<type> uacc(none) owner(zSecure owner)
+pe CKNDSN.<dstype>.<node-name>.<systemname>.<type> class(xfacilit) id(SECAAUDT, SECBAUDT, SECDAUDT, TSTCAUDT) access(READ)
+rdef xfacilit CKG.<type>.** uacc(none) owner(zSecure owner)
+pe CKG.<type>.** class(xfacilit) id(SECAAUDT, SECBAUDT, SECDAUDT, TSTCAUD) access(READ)
+rdef xfacilit CKR.<type> uacc(none) owner(zSecure owner)
+pe CKR.<type>.** class(xfacilit) id(SECAAUDT, SECBAUDT, SECDAUDT, TSTCAUD) access(READ)
+rdef xfacilit C2R.SERVER.ADMIN uacc(none) owner(zSecure owner)
+
+pe C2R.SERVER.ADMIN class(xfacilit) id(SECAAUDT, SECBAUDT, TSTCAUD) access(READ)
+rdef xfacilit C2R.CLIENT.** uacc(none) owner(zSecure owner)
+pe C2R.CLIENT.** class(xfacilit) id(SECAAUDT, SECBAUDT, TSTCAUD) access(READ)
+rdef xfacilit C2X.ICH* uacc(none) owner(zSecure owner)
+pe C2X.ICH* class(xfacilit) id(AUTOAUDT, TSTCAUDT) access(UPDATE)If the profiles protecting zSecure program resources do not allow general access by means of UACC, ID(*),WARNING, or global access, this is not a finding.
+
+Review profile(s) protecting CKF.** resources in XFACILIT class.
+
+If READ and higher access to any other CKF.<focus> profiles is not restricted to security administrators, decentralized security administrators, security batch jobs performing External Security Manager (ESM) maintenance, and trusted STC users, this is a finding.
+
+Review profile(s) protecting CKN*.** resources in XFACILIT class.
+
+If READ and higher access to any other CKNADMIN.**, and CKNDSN.**, profiles is not restricted to security administrators, decentralized security administrators, security batch jobs performing ESM maintenance, and trusted STC users, this is a finding.
+
+Review profile(s) protecting CKG.** resources in XFACILIT class.
+
+If READ and higher access to any other CKG.CMD.**, CKG.RAC.**, CKG.SCHEDULE.**, CKG.SCP.**, CKG.SCPASK.**,CKG.UCAT.**, or CKG.USRDATA.** profiles is not restricted to security administrators, decentralized security administrators, security batch jobs performing ESM maintenance, and trusted STC users, this is a finding.
+
+Review profile(s) protecting CKR.** resources in XFACILIT class.
+
+If READ and higher access to any other CKR.ACTION.**, CKR.CKRCARLA.APF, CKR.CKXLOG.**, CKR.OPTION.**, or CKR.READALL profiles is not restricted to security administrators, decentralized security administrators, security batch jobs performing ESM maintenance, and trusted STC users, this is a finding.
+
+If zSecure is used, review profile(s) protecting C2R.** resources in XFACILIT class.
+
+If READ and higher access to any other C2R.CLIENT.** or C2R.SERVER.ADMIN profiles is not restricted to security administrators, decentralized security administrators, security batch jobs performing ESM maintenance, and trusted STC users, this is a finding.
+
+Review profile(s) protecting C2X.** resources in XFACILIT class.
+
+If UPDATE access to any other C2X.ICH* profile is not restricted to automated operation STCs/batch jobs or trusted STC users, this is a finding.
+
+If all failures and successful UPDATE and higher access attempts are logged, this is not a finding.SRG-APP-000340-MFP-000088<GroupDescription></GroupDescription>ZSEC-00-000140zSecure must prevent nonprivileged users from executing privileged zSecure functions.<VulnDiscussion>Preventing nonprivileged users from executing privileged zSecure functions mitigates the risk that unauthorized individuals or processes may gain unnecessary access to information or privileges.
+
+Privileged functions include, for example, running COLLECT jobs, generating audit reports, and adjusting RACF security settings. Nonprivileged users are individuals who do not possess appropriate authorizations.
+
+Circumventing intrusion detection and prevention mechanisms or malicious code protection mechanisms are examples of privileged functions that require protection from nonprivileged users.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target IBM zSecure SuiteDISADPMS TargetIBM zSecure Suite5574CCI-002235Ensure that the following high-level qualifier profiles are defined in the configured zSecure class, by default XFACILIT, with UACC (NONE) and not in WARNING mode:
+CKF.**
+CKN*.**
+CKG.**
+CKR.**
+C2R.** (if you use zSecure Visual)
+C2X.**
+
+A minimum of all failed access must be logged.
+
+rdef xfacilit CKF.** uacc(none) owner(zSecure owner)
+rdef xfacilit CKN*.** uacc(none) owner(zSecure owner)
+rdef xfacilit CKG.** uacc(none) owner(zSecure owner)If READ access to zSecure functional resources is not restricted to privileged users, this is a finding.
+If the following high-level qualifier profiles are defined in the configured zSecure class, by default XFACILIT, with UACC (NONE) and not in WARNING mode, this is not a finding.
+
+CKF.**
+CKN*.**
+CKG.**
+CKR.**
+C2R.** (if you use zSecure Visual)
+C2X.**
+
+If a minimum of all failed access is logged, this is not a finding.SRG-APP-000342-MFP-000090<GroupDescription></GroupDescription>ZSEC-00-000160The zSecure programs CKFCOLL and CKGRACF, and the APF-authorized version of program CKRCARLA, must be restricted to security administrators, security batch jobs performing External Security Manager (ESM) maintenance, auditors, and systems programmers, and audited.<VulnDiscussion>Users authorized to use the zSecure program CKFCOLL can collect z/OS system information that is not accessible to regular users.
+
+Users authorized to use the zSecure program CKGRACF can change certain permitted RACF profile definitions that otherwise would not be allowed.
+
+Users authorized to use the zSecure program CKRCARLX can fake SMF records.
+
+Allowing inappropriate users to use the CKFCOLL, CKGRACF, and CKRCARLX programs could result in disclosure of z/OS installation and configuration information or inappropriate RACF profile or SMF record changes.
+
+Satisfies: SRG-APP-000342-MFP-000090,SRG-APP-000343-MFP-000091</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target IBM zSecure SuiteDISADPMS TargetIBM zSecure Suite5574CCI-002233CCI-002234If this is not a RACF system, the presence of CKGRACF is not applicable.
+
+Ensure READ access to zSecure functional resources is restricted to the appropriate staff members.
+
+READ access can be given to auditors, security administrators (domain level and decentralized), security batch jobs that perform ESM maintenance, and trusted STC users.
+
+The following commands are provided as a sample for implementing zSecure functional resource controls:
+
+rdef xfacilit resource_profile_protecting_zSecure_CKF_ resource uacc(none) owner(zSecure owner)
+pe resource_profile_protecting_zSecure_CKF_ resource class(xfacilit) id(SYSPAUDT, SECAAUDT, SECBAUDT, SECDAUDT, TSTCAUDT) access(READ)
+
+rdef xfacilit CKG.CMD.** uacc(none) owner(zSecure owner)
+pe CKG.CMD.** class(xfacilit) id(SECAAUDT, SECBAUDT, SECDAUDT) access(READ)
+
+rdef xfacilit CKG.RAC.** uacc(none) owner(zSecure owner)
+pe CKG.RAC.** class(xfacilit) id(SECAAUDT, SECBAUDT, SECDAUDT) access(READ)
+
+rdef xfacilit CKG.SCHEDULE.** uacc(none) owner(zSecure owner)
+pe CKG.SCHEDULE.** class(xfacilit) id(SECAAUDT, SECBAUDT, SECDAUDT) access(READ)
+
+rdef xfacilit CKG.SCP.** uacc(none) owner(zSecure owner)
+pe CKG.SCP.** class(xfacilit) id(SECAAUDT, SECBAUDT, SECDAUDT) access(READ)
+
+rdef xfacilit CKG.UCAT.** uacc(none) owner(zSecure owner)
+pe CKG.UCAT.** class(xfacilit) id(SECAAUDT, SECBAUDT, SECDAUDT) access(READ)
+
+rdef xfacilit CKG.USRDATA.** uacc(none) owner(zSecure owner)
+pe CKG.USRDATA.** class(xfacilit) id(SECAAUDT, SECBAUDT, SECDAUDT) access(READ)
+
+rdef xfacilit CKNADMIN.TONODE.<node-name> uacc(none) owner(zSecure owner)
+pe CKNADMIN.TONODE.<node-name> class(xfacilit) id(SYSPAUDT, SECAAUDT, SECBAUDT, SECDAUDT, TSTCAUDT) access(READ)
+
+rdef xfacilit CKNADMIN.FROMNODE.<node-name> uacc(none) owner(zSecure owner)
+pe CKNADMIN.FROMNODE.<node-name> class(xfacilit) id(SYSPAUDT, SECAAUDT, SECBAUDT, SECDAUDT, TSTCAUDT) access(READ)
+
+rdef xfacilit CKNDSN.<dstype>.<node-name>.<systemname>.ACTIVE uacc(none) owner(zSecure owner)
+rdef xfacilit CKNDSN.<dstype>.<node-name>.<systemname>.BACKUP uacc(none) owner(zSecure owner)
+rdef xfacilit CKNDSN.<dstype>.<node-name>.<systemname>.MANAGED uacc(none) owner(zSecure owner)
+rdef xfacilit CKNDSN.<dstype>.<node-name>.<systemname>.PRIMARY uacc(none) owner(zSecure owner)
+pe CKNDSN.<dstype>.<node-name>.<systemname>.ACTIVE class(xfacilit) id(SYSPAUDT, SECAAUDT, SECBAUDT, SECDAUDT, TSTCAUDT) access(READ)
+pe CKNDSN.<dstype>.<node-name>.<systemname>.BACKUP class(xfacilit) id(SYSPAUDT, SECAAUDT, SECBAUDT, SECDAUDT, TSTCAUDT) access(READ)
+pe CKNDSN.<dstype>.<node-name>.<systemname>.MANAGED class(xfacilit) id(SYSPAUDT, SECAAUDT, SECBAUDT, SECDAUDT, TSTCAUDT) access(READ)
+pe CKNDSN.<dstype>.<node-name>.<systemname>.PRIMARY class(xfacilit) id(SYSPAUDT, SECAAUDT, SECBAUDT, SECDAUDT, TSTCAUDT) access(READ)
+pe CKNDSN.<dstype>.<node-name>.<systemname>.ACTIVE class(xfacilit) id(AUDTAUDT) access(UPDATE)
+pe CKNDSN.<dstype>.<node-name>.<systemname>.BACKUP class(xfacilit) id(AUDTAUDT) access(UPDATE)
+pe CKNDSN.<dstype>.<node-name>.<systemname>.MANAGED class(xfacilit) id(AUDTAUDT) access(UPDATE)
+pe CKNDSN.<dstype>.<node-name>.<systemname>.PRIMARY class(xfacilit) id(AUDTAUDT) access(UPDATE)
+
+rdef xfacilit CKNDSN.<dstype>.<node-name>.<systemname>.CKRCMD uacc(none) owner(zSecure owner)
+pe CKNDSN.<dstype>.<node-name>.<systemname>.CKRCMD class(xfacilit) id(SECAAUDT, SECBAUDT, SECDAUDT) access(READ)
+
+rdef xfacilit CKR.READALL uacc(none) owner(zSecure owner)
+pe CKR.READALL class(xfacilit) id(SYSPAUDT, SECAAUDT, SECBAUDT, TSTCAUDT) access(READ)
+
+rdef xfacilit CKR.CKRCARLA.APF uacc(none) owner(zSecure owner)
+pe CKR.CKRCARLA.APF class(xfacilit) id(SYSPAUDT, SECBAUDT) access(READ)
+
+rdef xfacilit C2X.ICH* uacc(none) owner(zSecure owner)
+pe C2X.ICH* class(xfacilit) id(AUTOAUDT, TSTCAUDT) access(UPDATE)
+
+rdef xfacilit C2R.SERVER.ADMIN uacc(none) owner(zSecure owner)
+pe C2R.SERVER.ADMIN class(xfacilit) id(SECAAUDT) access(READ)
+
+rdef xfacilit C2R.CLIENT.SETROPTS uacc(none) owner(zSecure owner)
+pe C2R.CLIENT.SETROPTS class(xfacilit) id(AUDTAUDT, SYSPAUDT, SECAAUDT) access(READ)If this is not a RACF system, the presence of CKGRACF is not applicable.
+
+Verify the access and log settings of the profiles that protect the use of the CKFCOLL and CKGRACF programs and the APF-authorized version of the CKRCARLA program.
+
+If the CKF.** and CKG.** profiles that protect the use of the CKFCOLL, CKGRACF, and CKRCARLA programs allow general access (UACC, ID(*), WARNING, or global access) or do not log successful READ access, this is a finding.
+
+If READ or higher access to profile(s) protecting CKF.** resources in XFACILIT class is not restricted to security administrators (domain or decentralized), batch jobs performing ESM maintenance, auditors, or systems programmers, this is a finding.
+
+If READ or higher access to profile(s) protecting CKG.** resources in XFACILIT class is not restricted to security administrators (domain or decentralized) or batch jobs performing ESM maintenance, this is a finding.
+
+Review auditing of the profile protecting the CKR.CKRCARLA.APF resource in XFACILIT class.
+
+If successful READs are not audited, this is a finding.SRG-APP-000379-MFP-000186<GroupDescription></GroupDescription>ZSEC-00-000200IBM Security zSecure must implement organization-defined automated security responses if baseline zSecure configurations are changed in an unauthorized manner.<VulnDiscussion>Unauthorized changes to the zSecure baseline configuration could make the system vulnerable to various attacks or allow unauthorized access to the system. Changes to information system configurations can have unintended side effects, some of which may be relevant to security.
+
+Detecting such changes and providing an automated response can help avoid unintended, negative consequences that could ultimately affect the security state of the application.
Examples of security responses include but are not limited to the following: halting application processing, halting selected application functions, or issuing alerts/notifications to organizational personnel when there is an unauthorized modification of a configuration item.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target IBM zSecure SuiteDISADPMS TargetIBM zSecure Suite5574CCI-001744The recipients of the SMF reports or alert messages must investigate whether the UPDATE is legitimate (e.g., is documented and approved in a change management request). If it is not, they must restore the original configuration setting.Verify that a (daily) scheduled batch job is defined and used or a custom alert is configured and activated to inform appropriate personnel, such as auditors and compliance officers, about successful changes to the zSecure configuration data sets on their z/OS systems. + +If SMF records regarding successful UPDATE(s) to zSecure configuration data sets are not reported to the information system security manager (ISSM), this is a finding.SRG-APP-000454-MFP-000343<GroupDescription></GroupDescription>ZSEC-00-000220IBM Security zSecure must remove all upgraded/replaced zSecure software components that are no longer required for operation after updated versions have been installed.<VulnDiscussion>Previous versions of zSecure products and components that are not removed from the information system after updates have been installed may be exploited by adversaries. 
Some information technology products may remove older versions of software automatically from the information system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target IBM zSecure SuiteDISADPMS TargetIBM zSecure Suite5574CCI-002617Remove all upgraded/replaced software components that are no longer required for operation.Examine the inventory of installed software components for zSecure. + +If software components that are no longer required for operation exist, this is a finding.SRG-APP-000456-MFP-000345<GroupDescription></GroupDescription>ZSEC-00-000240IBM Security zSecure system administrators must install security-relevant zSecure software updates within the time period directed by an authoritative source (e.g., IAVMs, CTOs, DTMs, and STIGs).<VulnDiscussion>Security flaws with software applications are discovered daily. Vendors are constantly updating and patching their products to address newly discovered security vulnerabilities. Organizations (including any contractor to the organization) are required to promptly install security-relevant software updates (e.g., patches, service packs, and hot fixes). 
Flaws discovered during security assessments, continuous monitoring, incident response activities, or information system error handling must also be addressed expeditiously.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target IBM zSecure SuiteDISADPMS TargetIBM zSecure Suite5574CCI-002605Develop a procedure to install security-relevant software updates within the time period directed by an authoritative source (e.g., IAVMs, CTOs, DTMs, and STIGs).Ask the system administrator for the procedure to install security-relevant software updates within the time period directed by an authoritative source (e.g., IAVMs, CTOs, DTMs, and STIGs. + +If there is no procedure, this a finding.SRG-APP-000516-MFP-000195<GroupDescription></GroupDescription>ZSEC-00-000260XFACILIT class, or alternate class if specified in module CKRSITE, must be active.<VulnDiscussion>The zSecure resource class that is configured for the zSecure access checks must be active to receive valid Allow/Deny responses from external security manager (ESM) resource checks. Activation is outside of zSecure, in the ESM.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target IBM zSecure SuiteDISADPMS TargetIBM zSecure Suite5574CCI-000366Ensure the resource class that is configured in CKRSITE for zSecure security checks is active in the RACF class descriptor table. 
The default class is XFACILIT. IBM Security zSecure recommends the generic be activated. + +Following is a sample command: + +SETROPTS CLASSACT(XFACILIT) or SETROPTS CLASSACT(<configured resource class for access checks>)Run the CARLa command SHOW CKRSITE. The output of this command reveals which resource class is configured for handling the zSecure security checks. The default resource class is XFACILIT. + +Verify in the class descriptor table that the configured zSecure resource class is active. + +If the configured zSecure resource class is not active, this is a finding.
\ No newline at end of file
diff --git a/stigs.json b/stigs.json
index ac1808151..8b7f625ac 100644
--- a/stigs.json
+++ b/stigs.json
@@ -1618,12 +1618,12 @@
 "size": "2.95 MB"
 },
 {
- "id": "MOT_Android_9-x_COBO_STIG",
+ "id": "MOT_Android_9-x_COPE_STIG",
 "name": "Motorola Solutions Android 11 - Ver 1, Rel 2",
 "url": "https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MOT_Solutions_Android_11_V1R2_STIG.zip",
 "size": "1.68 MB",
 "version": "V1R2",
- "file": "https://raw.githubusercontent.com/mitre/inspec-profile-update-action/main/benchmarks/DISA/U_MOT_Android_9.x_COBO_STIG_V1R2_Manual-xccdf.xml"
+ "file": "https://raw.githubusercontent.com/mitre/inspec-profile-update-action/main/benchmarks/DISA/U_MOT_Android_9-x_COPE_STIG_V1R2_Manual-xccdf.xml"
 },
 {
 "id": "MOZ_Firefox_STIG",
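Review bot: In this entry the rewritten `id` and `file` name a different benchmark than the untouched `name` and `url`: `"id": "MOT_Android_9-x_COPE_STIG"` sits next to `"name": "Motorola Solutions Android 11 - Ver 1, Rel 2"` and a `url` for `U_MOT_Solutions_Android_11_V1R2_STIG.zip`. The `@@ -2402,12 +2402,12 @@` hunk has the same shape (`Cisco_ISE_NDM_STIG` beside a Cisco IOS XE Release 3 Router Overview `name` and `url`), and the `-2068` and `-2464` hunks likewise change only the `id` suffix and the `file` path. Anything that resolves a baseline from this index by `id` or `file` would then be checked against a benchmark other than the one the entry names, so all four fields should come from the same archive, i.e. `"id": "<ID_OF_THE_XCCDF_IN_url>"` and `"file": "<RAW_URL_OF_THAT_XCCDF>"` (placeholders; the correct values are not visible here). The diff also does not show whether the new `file` targets exist under `benchmarks/DISA/`, which is worth confirming before merge.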
@@ -2068,12 +2068,12 @@
 "file": "https://raw.githubusercontent.com/mitre/inspec-profile-update-action/main/benchmarks/DISA/U_SDN_Controller_SRG_V1R2_Manual-xccdf.xml"
 },
 {
- "id": "SEL-2740S_L2S_STIG",
+ "id": "SEL-2740S_NDM_STIG",
 "name": "SEL-2740S STIG Ver 1 Rel 1",
 "url": "https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SEL-2740S_V1R1_STIG.zip",
 "size": "1.5 MB",
 "version": "V1R1",
- "file": "https://raw.githubusercontent.com/mitre/inspec-profile-update-action/main/benchmarks/DISA/U_SEL-2740S_L2S_STIG_V1R1_Manual-xccdf.xml"
+ "file": "https://raw.githubusercontent.com/mitre/inspec-profile-update-action/main/benchmarks/DISA/U_SEL-2740S_NDM_STIG_V1R1_Manual-xccdf.xml"
 },
 {
 "id": "SuSe_zLinux",
@@ -2402,12 +2402,12 @@
 "file": "https://raw.githubusercontent.com/mitre/inspec-profile-update-action/main/benchmarks/DISA/U_Cisco_IOS_XE_Release_3_NDM_STIG_V1R5_Manual-xccdf.xml"
 },
 {
- "id": "Cisco_ISE_NAC_STIG",
+ "id": "Cisco_ISE_NDM_STIG",
 "name": "Sunset - Cisco IOS XE Release 3 Router Overview - Ver 1, Rel 4",
 "url": "https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Cisco_IOS-XE_Release_3_Router_V1R4_Overview.zip",
 "size": "236.14 KB",
 "version": "V1R4",
- "file": "https://raw.githubusercontent.com/mitre/inspec-profile-update-action/main/benchmarks/DISA/U_Cisco_ISE_NAC_STIG_V1R4_Manual-xccdf.xml"
+ "file": "https://raw.githubusercontent.com/mitre/inspec-profile-update-action/main/benchmarks/DISA/U_Cisco_ISE_NDM_STIG_V1R4_Manual-xccdf.xml"
 },
 {
 "id": "Cisco_IOS_XE_Release_3_RTR_STIG",
@@ -2464,12 +2464,12 @@
 "version": "V4R5"
 },
 {
- "id": "Enclave_-_Zone_C",
+ "id": "Enclave_-_Zone_D",
 "name": "Sunset - Enclave Test and Development STIG - Ver 1, Rel 6",
 "url": "https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Enclave_T-D_V1R6_STIG.zip",
 "size": "703.24 KB",
 "version": "V1R6",
- "file": "https://raw.githubusercontent.com/mitre/inspec-profile-update-action/main/benchmarks/DISA/U_Enclave_T-D_Zone-C_STIG_V1R6_Manual-xccdf.xml"
+ "file": "https://raw.githubusercontent.com/mitre/inspec-profile-update-action/main/benchmarks/DISA/U_Enclave_T-D_Zone-D_STIG_V1R6_Manual-xccdf.xml"
 },
 {
 "id": "Google_Android_9-x_STIG",
@@ -4622,13 +4622,6 @@
 "version": "V1R1",
 "file": "https://raw.githubusercontent.com/mitre/inspec-profile-update-action/main/benchmarks/DISA/U_MS_Windows_Server_DNS_STIG_V1R1_Manual-xccdf.xml"
 },
- {
- "id": "b8144450-c195-4103-a2b5-1958086e6aea",
- "name": "z/OS ACF2 Products - Ver 6, Rel 59",
- "url": "https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_zOS_ACF2_V6R59_Products.zip",
- "size": "9.7 MB",
- "version": "V6R59"
- },
 {
 "id": "b758ee5f-9613-4b0b-b3fb-35663af7b7bd",
 "name": "F5 BIG-IP STIG",
@@ -4636,10 +4629,17 @@
 "size": "1.5 MB"
 },
 {
- "id": "0872c7bd-0054-4f67-b1ff-d6fc3d4c2b2a",
- "name": "z/OS SRR Scripts - Ver 6, Rel 59",
- "url": "https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_zOS_V6R59_SRR.zip",
- "size": "1.89 MB",
+ "id": "adb4a56c-4b12-4350-ac85-5f4dc6fa755d",
+ "name": "IBM zSecure Suite STIG",
+ "url": "https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_IBM_zSecure_Suite_V1R1_STIG.zip",
+ "size": "1.76 MB",
+ "version": "V1R1"
+ },
+ {
+ "id": "f58aa6b0-c8a2-4f21-a7ae-068364007116",
+ "name": "z/OS RACF Products - Ver 6, Rel 59",
+ "url": "https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_zOS_RACF_V6R59_Products.zip",
+ "size": "8.96 MB",
 "version": "V6R59"
 }
 ]
\ No newline at end of file
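Review bot: The added `IBM zSecure Suite STIG` entry in the `@@ -4636,10 +4629,17 @@` hunk has no `file` key, although this commit adds `benchmarks/DISA/U_IBM_zSecure_Suite_STIG_V1R1_Manual-xccdf.xml`, so the index does not point at the benchmark it was updated for. Following the pattern of the entries above, the line to add after `"version": "V1R1"` (which then needs a trailing comma) is `"file": "https://raw.githubusercontent.com/mitre/inspec-profile-update-action/main/benchmarks/DISA/U_IBM_zSecure_Suite_STIG_V1R1_Manual-xccdf.xml"`. Some neighbouring entries (for example `F5 BIG-IP STIG`) also appear to carry no `file`, so this may be filled in by a later step; if so, the omission is worth stating in the commit. This hunk and the `@@ -4622,13 +4622,6 @@` hunk also drop the `z/OS SRR Scripts` and `z/OS ACF2 Products` entries, and if that is a side effect of regeneration rather than an upstream removal, consumers lose those baselines without notice.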