STIG ID - BACF0033: Assign Site-Supplied Keywords for TSO Logon

Define GSO TSOKEYS to assign site-supplied keywords for TSO logon.
Severity
: 2 - Medium
The GSO TSOKEYS record lets you define site-supplied keywords that
ACF2
recognizes as valid at TSO logon time. Eliminating the ability to use common keywords provides additional security during the TSO logon process.
Your organization will ensure common keywords used during TSO logon process is not allowed.
This STIG article shows how to assign site-supplied keywords for TSO logon by defining the GSO TSOKEYS record. Ensure the GSO TSOKEYS record value is set in accordance with the recommendations set forth in this article.
Identify Audit Finding
Review the following data to determine if you should consider remediation.
Follow these steps
:
  1. List the GSO TSOKEYS record to determine if the KEYWORDS field value is defined to (
    ), which indicates no keywords are allowed.
    SET CONTROL(GSO) CONTROL LIST TSOKEYS XXXX / TSOKEYS LAST CHANGED BY USER01 ON 11/12/15-12:20
    KEYWORDS(
    keyword
    )
    CONTROL
    In this example, the GSO TSOKEYS record is not defined to the suggested guideline of KEYWORDS().
    • KEYWORDS(
      keyword1,...keyword256
      )
      Specifies a one to 256 eight-character keywords that your site wants
      ACF2
      to recognize as valid at TSO logon time.
  2. If the GSO TSOKEYS record KEYWORDS field is defined to () which indicates no keywords are allowed,
    your site does not have an audit finding
    .
  3. If the GSO TSOKEYS record KEYWORDS field is not defined to (),
    your site has an audit finding
    . See Remediate Audit Finding.
Remediate Audit Finding
z/OS System/LPAR Level Mainframe Security Team (ZSECTEAM) is the only role that should have access to change the GSO TSOKEYS record. Limit all access to change GSO records to time frames of approved changes and reduced to view only outside of approved change windows.
Follow these steps
:
  1. Configure the GSO TSOKEYS record KEYWORDS field to the suggested guideline of ():
    SET CONTROL(GSO) CONTROL CHANGE TSOKEYS
    KEYWORDS()
    F ACF2,REFRESH(TSOKEYS) CONTROL
    Keywords are no longer permitted at TSO logon time.
  2. Verify the change was applied to the GSO TSOKEYS record field:
    SET CONTROL(GSO) CONTROL LIST TSOKEYS XXXX / TSOKEYS LAST CHANGED BY USER01 ON 03/25/20-10:20
    KEYWORDS(keywords256)
    CONTROL
Eliminating the use of common keywords during TSO logon provides your organization with stronger logon security measures.
Control Correlation Identifier
A Control Correlation Identifier (CCI) list provides a standard identifier and description for each of the singular, actionable statements that comprise a control or best practice. The following CCIs are related to this STIG. For more information, see the National Institute of Standards and Technology website.
CCIs
: CCI-000366
CCI
:
CCI-000366
Published Date
:
2009-09-18
Definition
:
The organization implements the security configuration settings.
Type
:
policy, technical
References
:
NIST: NIST SP 800-53 (v3): CM-6 b
NIST: NIST SP 800-53 Revision 4 (v4): CM-6 b
NIST: NIST SP 800-53A (v1): CM-6.1 (iv)