STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← CM-5 (6) — Access Restrictions for Change

CCI-001499

Definition

Limit privileges to change software resident within software libraries.

Parent Control

CM-5 (6)Access Restrictions for ChangeConfiguration Management

Linked STIG Checks (200)

V-213130CAT IIIAdobe Acrobat Pro DC Continuous Default Handler changes must be disabled.Adobe Acrobat Professional DC Continuous Track Security Technical Implementation Guide V-213176CAT IIIAdobe Reader DC must disable the ability to change the Default Handler.Adobe Acrobat Reader DC Continuous Track Security Technical Implementation Guide V-279039CAT IICritical ColdFusion directories must have secure file system permissions and ownership.Adobe ColdFusion Security Technical Implementation Guide V-279055CAT IColdFusion must be using an enterprise solution for authentication.Adobe ColdFusion Security Technical Implementation Guide V-274119CAT IIAmazon Linux 2023 library directories must be group-owned by root or a system account.Amazon Linux 2023 Security Technical Implementation Guide V-274120CAT IIAmazon Linux 2023 library directories must have mode "755" or less permissive.Amazon Linux 2023 Security Technical Implementation Guide V-274121CAT IIAmazon Linux 2023 library files must have mode "755" or less permissive.Amazon Linux 2023 Security Technical Implementation Guide V-274122CAT IIAmazon Linux 2023 library files must be owned by root.Amazon Linux 2023 Security Technical Implementation Guide V-274123CAT IIAmazon Linux 2023 library files must be group-owned by root or a system account.Amazon Linux 2023 Security Technical Implementation Guide V-274124CAT IIAmazon Linux 2023 library directories must be owned by root.Amazon Linux 2023 Security Technical Implementation Guide V-274131CAT IIAmazon Linux 2023 system commands must be owned by root.Amazon Linux 2023 Security Technical Implementation Guide V-274132CAT IIAmazon Linux 2023 system commands must be group-owned by root or a system account.Amazon Linux 2023 Security Technical Implementation Guide V-222949CAT IITomcat user UMASK must be set to 0027.Apache Tomcat Application Server 9 Security Technical Implementation Guide V-252534CAT IIThe macOS system must enable System Integrity Protection.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257240CAT IThe macOS system must enable System Integrity Protection.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-268555CAT IThe macOS system must ensure System Integrity Protection is enabled.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277165CAT IThe macOS system must ensure System Integrity Protection (SIP) is enabled.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-222514CAT IIThe applications must limit privileges to change the software resident within software libraries.Application Security and Development Security Technical Implementation Guide V-204741CAT IIThe application server must limit privileges to change the software resident within software libraries.Application Server Security Requirements Guide V-251601CAT IIDatabase objects in an IDMS environment must be secured to prevent privileged actions from being performed by unauthorized users.CA IDMS Security Technical Implementation Guide V-251602CAT IIThe programs that can be run through a CA IDMS CV must be defined to the CV to prevent installation of unauthorized programs; must have the ability to dynamically register new programs; and must have the ability to secure tasks.CA IDMS Security Technical Implementation Guide V-251603CAT IIThe commands that allow dynamic definitions of PROGRAM/TASK and the dynamic varying of memory must be secured.CA IDMS Security Technical Implementation Guide V-251604CAT IIDatabases must be secured to protect from structural changes.CA IDMS Security Technical Implementation Guide V-251605CAT IIDatabase utilities must be secured in CA IDMS and permissions given to appropriate role(s)/groups(s) in the external security manager (ESM).CA IDMS Security Technical Implementation Guide V-251606CAT IIThe online debugger which can change programs and storage in the CA IDMS address space must be secured.CA IDMS Security Technical Implementation Guide V-251607CAT IICA IDMS must secure the ability to create, alter, drop, grant, and revoke user and/or system profiles to users or groups.CA IDMS Security Technical Implementation Guide V-219198CAT IIThe Ubuntu operating system library files must have mode 0755 or less permissive.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219199CAT IIThe Ubuntu operating system library directories must have mode 0755 or less permissive.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219200CAT IIThe Ubuntu operating system library files must be owned by root.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219201CAT IIThe Ubuntu operating system library directories must be owned by root.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219202CAT IIThe Ubuntu operating system library files must be group-owned by root.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219203CAT IIThe Ubuntu operating system library directories must be group-owned by root.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219204CAT IIThe Ubuntu operating system must have system commands set to a mode of 0755 or less permissive.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219205CAT IIThe Ubuntu operating system must have directories that contain system commands set to a mode of 0755 or less permissive.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219206CAT IIThe Ubuntu operating system must have system commands owned by root.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219207CAT IIThe Ubuntu operating system must have directories that contain system commands owned by root.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219208CAT IIThe Ubuntu operating system must have system commands group-owned by root or a system account.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219209CAT IIThe Ubuntu operating system must have directories that contain system commands group-owned by root.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238347CAT IIThe Ubuntu operating system library files must have mode 0755 or less permissive.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238348CAT IIThe Ubuntu operating system library directories must have mode 0755 or less permissive.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238349CAT IIThe Ubuntu operating system library files must be owned by root.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238350CAT IIThe Ubuntu operating system library directories must be owned by root.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238351CAT IIThe Ubuntu operating system library files must be group-owned by root or a system account.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238352CAT IIThe Ubuntu operating system library directories must be group-owned by root.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238376CAT IIThe Ubuntu operating system must have system commands set to a mode of 0755 or less permissive.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238377CAT IIThe Ubuntu operating system must have system commands owned by root or a system account.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238378CAT IIThe Ubuntu operating system must have system commands group-owned by root or a system account.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260486CAT IIUbuntu 22.04 LTS must have system commands set to a mode of "755" or less permissive.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260487CAT IIUbuntu 22.04 LTS library files must have mode "755" or less permissive.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260495CAT IIUbuntu 22.04 LTS must have system commands owned by "root" or a system account.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260496CAT IIUbuntu 22.04 LTS must have system commands group-owned by "root" or a system account.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260497CAT IIUbuntu 22.04 LTS library directories must be owned by "root".Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260498CAT IIUbuntu 22.04 LTS library directories must be group-owned by "root".Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260499CAT IIUbuntu 22.04 LTS library files must be owned by "root".Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260500CAT IIUbuntu 22.04 LTS library files must be group-owned by "root".Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270696CAT IIUbuntu 24.04 LTS library files must have mode 0755 or less permissive.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270697CAT IIUbuntu 24.04 LTS library files must be owned by root.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270698CAT IIUbuntu 24.04 LTS library directories must be owned by root.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270699CAT IIUbuntu 24.04 LTS library files must be group-owned by root or a system account.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270700CAT IIUbuntu 24.04 LTS library directories must be group-owned by root.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270701CAT IIUbuntu 24.04 LTS must have system commands set to a mode of 0755 or less permissive.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270702CAT IIUbuntu 24.04 LTS must have system commands owned by root or a system account.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270703CAT IIUbuntu 24.04 LTS must have system commands group-owned by root or a system account.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-215677CAT IIThe Cisco router must be configured to limit privileges to change the software resident within software libraries.Cisco IOS Router NDM Security Technical Implementation Guide V-220585CAT IIThe Cisco switch must be configured to limit privileges to change the software resident within software libraries.Cisco IOS Switch NDM Security Technical Implementation Guide V-215822CAT IIThe Cisco router must be configured to limit privileges to change the software resident within software libraries.Cisco IOS XE Router NDM Security Technical Implementation Guide V-220533CAT IIThe Cisco switch must be configured to limit privileges to change the software resident within software libraries.Cisco IOS XE Switch NDM Security Technical Implementation Guide V-269169CAT IIAlmaLinux OS 9 system commands must be group-owned by root or a system account.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269170CAT IIAlmaLinux OS 9 system commands must be owned by root.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269171CAT IIAlmaLinux OS 9 system commands must have mode 755 or less permissive.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269172CAT IIAlmaLinux OS 9 library directories must be group-owned by root or a system account.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269173CAT IIAlmaLinux OS 9 library directories must be owned by root.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269174CAT IIAlmaLinux OS 9 library directories must have mode 755 or less permissive.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269175CAT IIAlmaLinux OS 9 library files must be group-owned by root or a system account.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269176CAT IIAlmaLinux OS 9 library files must be owned by root.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269177CAT IIAlmaLinux OS 9 library files must have mode 755 or less permissive.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-233066CAT IIThe container platform must limit privileges to the container platform registry.Container Platform Security Requirements Guide V-233067CAT IIThe container platform must limit privileges to the container platform runtime.Container Platform Security Requirements Guide V-233068CAT IIThe container platform must limit privileges to the container platform keystore.Container Platform Security Requirements Guide V-233069CAT IIConfiguration files for the container platform must be protected.Container Platform Security Requirements Guide V-233070CAT IIAuthentication files for the container platform must be protected.Container Platform Security Requirements Guide V-233517CAT IIPrivileges to change PostgreSQL software modules must be limited.Crunchy Data PostgreSQL Security Technical Implementation Guide V-233518CAT IIPostgreSQL must limit privileges to change functions and triggers, and links to software external to PostgreSQL.Crunchy Data PostgreSQL Security Technical Implementation Guide V-233523CAT IIThe role(s)/group(s) used to modify database structure (including but not necessarily limited to tables, indexes, storage, etc.) and logic modules (functions, trigger procedures, links to software external to PostgreSQL, etc.) must be restricted to authorized users.Crunchy Data PostgreSQL Security Technical Implementation Guide V-233539CAT IIDatabase objects (including but not limited to tables, indexes, storage, trigger procedures, functions, links to software external to PostgreSQL, etc.) must be owned by database/DBMS principals authorized for ownership.Crunchy Data PostgreSQL Security Technical Implementation Guide V-233540CAT IThe PostgreSQL software installation account must be restricted to authorized users.Crunchy Data PostgreSQL Security Technical Implementation Guide V-233541CAT IIDatabase software, including PostgreSQL configuration files, must be stored in dedicated directories separate from the host OS and other applications.Crunchy Data PostgreSQL Security Technical Implementation Guide V-261881CAT IIPostgreSQL must limit privileges to change software modules, to include stored procedures, functions and triggers, and links to software external to PostgreSQL.Crunchy Data Postgres 16 Security Technical Implementation Guide V-261882CAT IThe PostgreSQL software installation account must be restricted to authorized users.Crunchy Data Postgres 16 Security Technical Implementation Guide V-261883CAT IIDatabase software, including PostgreSQL configuration files, must be stored in dedicated directories, or DASD pools, separate from the host OS and other applications.Crunchy Data Postgres 16 Security Technical Implementation Guide V-261884CAT IIDatabase objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to the DBMS, etc.) must be owned by database/PostgreSQL principals authorized for ownership.Crunchy Data Postgres 16 Security Technical Implementation Guide V-261885CAT IIThe role(s)/group(s) used to modify database structure (including but not necessarily limited to tables, indexes, storage, etc.) and logic modules (stored procedures, functions, triggers, links to software external to PostgreSQL, etc.) must be restricted to authorized users.Crunchy Data Postgres 16 Security Technical Implementation Guide V-206544CAT IIThe DBMS must limit privileges to change software modules, to include stored procedures, functions and triggers, and links to software external to the DBMS.Database Security Requirements Guide V-206545CAT IThe DBMS software installation account must be restricted to authorized users.Database Security Requirements Guide V-206546CAT IIDatabase software, including DBMS configuration files, must be stored in dedicated directories, or DASD pools, separate from the host OS and other applications.Database Security Requirements Guide V-206547CAT IIDatabase objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to the DBMS, etc.) must be owned by database/DBMS principals authorized for ownership.Database Security Requirements Guide V-206548CAT IIThe role(s)/group(s) used to modify database structure (including but not necessarily limited to tables, indexes, storage, etc.) and logic modules (stored procedures, functions, triggers, links to software external to the DBMS, etc.) must be restricted to authorized users.Database Security Requirements Guide V-270947CAT IDragos Platforms must limit privileges and not allow the ability to run shell.Dragos Platform 2.x Security Technical Implementation Guide V-224154CAT IISoftware, applications, and configuration files that are part of, or related to, the Postgres Plus Advanced Server installation must be monitored to discover unauthorized changes.EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide V-224155CAT IIEDB Postgres Advanced Server software modules, to include stored procedures, functions, and triggers must be monitored to discover unauthorized changes.EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide V-224156CAT IThe EDB Postgres Advanced Server software installation account must be restricted to authorized users.EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide V-224157CAT IIDatabase software, including EDB Postgres Advanced Server configuration files, must be stored in dedicated directories, separate from the host OS and other applications.EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide V-224158CAT IIDatabase objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to the EDB Postgres Advanced Server, etc.) must be owned by database/EDB Postgres Advanced Server principals authorized for ownership.EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide V-224159CAT IIThe role(s)/group(s) used to modify database structure (including but not necessarily limited to tables, indexes, storage, etc.) and logic modules (stored procedures, functions, triggers, links to software external to the EDB Postgres Advanced Server, etc.) must be restricted to authorized users.EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide V-213585CAT IISoftware, applications, and configuration files that are part of, or related to, the Postgres Plus Advanced Server installation must be monitored to discover unauthorized changes.EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide V-213586CAT IIEDB Postgres Advanced Server software modules, to include stored procedures, functions and triggers must be monitored to discover unauthorized changes.EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide V-213587CAT IThe EDB Postgres Advanced Server software installation account must be restricted to authorized users.EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide V-213588CAT IIDatabase software, including EDB Postgres Advanced Server configuration files, must be stored in dedicated directories, separate from the host OS and other applications.EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide V-213589CAT IIDatabase objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to the EDB Postgres Advanced Server, etc.) must be owned by database/EDB Postgres Advanced Server principals authorized for ownership.EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide V-213590CAT IIThe role(s)/group(s) used to modify database structure (including but not necessarily limited to tables, indexes, storage, etc.) and logic modules (stored procedures, functions, triggers, links to software external to the EDB Postgres Advanced Server, etc.) must be restricted to authorized users.EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide V-259234CAT IISoftware, applications, and configuration files that are part of, or related to, the EDB Postgres Advanced Server installation must be monitored to discover unauthorized changes.EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide V-259235CAT IIEDB Postgres Advanced Server software modules, to include stored procedures, functions, and triggers must be monitored to discover unauthorized changes.EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide V-259236CAT IThe EDB Postgres Advanced Server software installation account must be restricted to authorized users.EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide V-259237CAT IIDatabase software, including EDB Postgres Advanced Server configuration files, must be stored in dedicated directories, separate from the host OS and other applications.EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide V-259238CAT IIDatabase objects must be owned by database/EDB Postgres Advanced Server principals authorized for ownership.EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide V-259239CAT IIThe role(s)/group(s) used to modify database structure and logic modules must be restricted to authorized users.EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide V-255641CAT IICounterACT must limit privileges to change the software resident within software libraries.ForeScout CounterACT NDM Security Technical Implementation Guide V-230950CAT IIForescout must limit privileges to change the modules and OSs resident within software libraries.Forescout Network Device Management Security Technical Implementation Guide V-234190CAT IIThe FortiGate device must limit privileges to change the software resident within software libraries.Fortinet FortiGate Firewall NDM Security Technical Implementation Guide V-203675CAT IIThe operating system must limit privileges to change software resident within software libraries.General Purpose Operating System Security Requirements Guide V-215183CAT IIAll system files, programs, and directories must be owned by a system account.IBM AIX 7.x Security Technical Implementation Guide V-215184CAT IIAIX device files and directories must only be writable by users with a system account or as configured by the vendor.IBM AIX 7.x Security Technical Implementation Guide V-215268CAT IIAIX system files, programs, and directories must be group-owned by a system group.IBM AIX 7.x Security Technical Implementation Guide V-215279CAT IIAIX library files must have mode 0755 or less permissive.IBM AIX 7.x Security Technical Implementation Guide V-215325CAT IIAll system command files must not have extended ACLs.IBM AIX 7.x Security Technical Implementation Guide V-215326CAT IIAll library files must not have extended ACLs.IBM AIX 7.x Security Technical Implementation Guide V-213688CAT IIDB2 must limit privileges to change software modules, to include stored procedures, functions and triggers, and links to software external to DB2.IBM DB2 V10.5 LUW Security Technical Implementation Guide V-213689CAT IIThe OS must limit privileges to change the DB2 software resident within software libraries (including privileged programs).IBM DB2 V10.5 LUW Security Technical Implementation Guide V-213690CAT IIThe DB2 software installation account must be restricted to authorized users.IBM DB2 V10.5 LUW Security Technical Implementation Guide V-213691CAT IIDatabase software, including DBMS configuration files, must be stored in dedicated directories, separate from the host OS and other applications.IBM DB2 V10.5 LUW Security Technical Implementation Guide V-213692CAT IIDatabase objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to DB2, etc.) must be owned by database/DBMS principals authorized for ownership.IBM DB2 V10.5 LUW Security Technical Implementation Guide V-213693CAT IIThe role(s)/group(s) used to modify database structure (including but not necessarily limited to tables, indexes, storage, etc.) and logic modules (stored procedures, functions, triggers, links to software external to DB2, etc.) must be restricted to authorized users.IBM DB2 V10.5 LUW Security Technical Implementation Guide V-65087CAT IIThe DataPower Gateway must limit privileges to change the software resident within software libraries.IBM DataPower Network Device Management Security Technical Implementation Guide V-250331CAT IIThe WebSphere Liberty Server must protect software libraries from unauthorized access.IBM WebSphere Liberty Server Security Technical Implementation Guide V-255828CAT IIThe WebSphere Application Server users in a local user registry group must be authorized for that group.IBM WebSphere Traditional V9.x Security Technical Implementation Guide V-223445CAT ICA-ACF2 must limit Write or greater access to SYS1.NUCLEUS to system programmers only.IBM z/OS ACF2 Security Technical Implementation Guide V-223446CAT ICA-ACF2 must limit Write or greater access to SYS1.LPALIB to system programmers only.IBM z/OS ACF2 Security Technical Implementation Guide V-223447CAT ICA-ACF2 must limit Write or greater access to SYS1.IMAGELIB to system programmers.IBM z/OS ACF2 Security Technical Implementation Guide V-223448CAT ICA-ACF2 must limit Write or greater access to Libraries containing EXIT modules to system programmers only.IBM z/OS ACF2 Security Technical Implementation Guide V-223449CAT ICA-ACF2 must limit Write and Allocate access to all APF-authorized libraries to system programmers only.IBM z/OS ACF2 Security Technical Implementation Guide V-223450CAT ICA-ACF2 must limit Write or greater access to all LPA libraries to system programmers only.IBM z/OS ACF2 Security Technical Implementation Guide V-223451CAT IICA-ACF2 must limit Write and Allocate access to LINKLIST libraries to system programmers only.IBM z/OS ACF2 Security Technical Implementation Guide V-223452CAT IICA-ACF2 must limit Write and allocate access to all system-level product installation libraries to system programmers only.IBM z/OS ACF2 Security Technical Implementation Guide V-223453CAT ICA-ACF2 must limit Write or greater access to SYS1.SVCLIB to system programmers only.IBM z/OS ACF2 Security Technical Implementation Guide V-223454CAT IICA-ACF2 Access to SYS1.LINKLIB must be properly protected.IBM z/OS ACF2 Security Technical Implementation Guide V-223463CAT IIBM z/OS SYS1.PARMLIB must be properly protected.IBM z/OS ACF2 Security Technical Implementation Guide V-223465CAT IICA-ACF2 must limit Write and allocate access to the JES2 System data sets (e.g., Spool, Checkpoint, and Initialization parameters) to system programmers only.IBM z/OS ACF2 Security Technical Implementation Guide V-223466CAT IIICA-ACF2 must limit Write or greater access to libraries that contain PPT modules to system programmers only.IBM z/OS ACF2 Security Technical Implementation Guide V-223514CAT IACF2 security data sets and/or databases must be properly protected.IBM z/OS ACF2 Security Technical Implementation Guide V-223603CAT IIIBM z/OS data sets for the Base TCP/IP component must be properly protected.IBM z/OS ACF2 Security Technical Implementation Guide V-223622CAT IIIBM z/OS UNIX SYSTEM FILE SECURITY SETTINGS must be properly protected or specified.IBM z/OS ACF2 Security Technical Implementation Guide V-223623CAT IIIBM z/OS UNIX MVS data sets with z/OS UNIX components must be properly protected.IBM z/OS ACF2 Security Technical Implementation Guide V-223624CAT IIIBM z/OS UNIX MVS data sets or HFS objects must be properly protected.IBM z/OS ACF2 Security Technical Implementation Guide V-223625CAT IIIBM z/OS UNIX HFS permission bits and audit bits for each directory must be properly protected.IBM z/OS ACF2 Security Technical Implementation Guide V-223626CAT IIIBM z/OS UNIX MVS data sets used as step libraries in /etc/steplib must be properly protected.IBM z/OS ACF2 Security Technical Implementation Guide V-223640CAT IIIBM z/OS HFS objects for the z/OS UNIX Telnet Server must be properly protected.IBM z/OS ACF2 Security Technical Implementation Guide V-223644CAT IIIBM z/OS System data sets used to support the VTAM network must be properly secured.IBM z/OS ACF2 Security Technical Implementation Guide V-223645CAT IIIBM z/OS VTAM USSTAB definitions must not be used for unsecured terminals.IBM z/OS ACF2 Security Technical Implementation Guide V-255945CAT IIIBM Integrated Crypto Service Facility (ICSF) STC data sets must be properly protected.IBM z/OS ACF2 Security Technical Implementation Guide V-223649CAT IIBM RACF must limit Write or greater access to SYS1.NUCLEUS to system programmers only.IBM z/OS RACF Security Technical Implementation Guide V-223650CAT IIIIBM RACF must limit Write or greater access to libraries that contain PPT modules to system programmers only.IBM z/OS RACF Security Technical Implementation Guide V-223674CAT IIBM RACF must limit Write or greater access to SYS1.IMAGELIB to system programmers only.IBM z/OS RACF Security Technical Implementation Guide V-223675CAT IIBM RACF must limit Write or greater access to SYS1.SVCLIB to appropriate authorized users.IBM z/OS RACF Security Technical Implementation Guide V-223676CAT IIBM RACF must limit Write or greater access to SYS1.LPALIB to system programmers only.IBM z/OS RACF Security Technical Implementation Guide V-223677CAT IIBM z/OS libraries included in the system REXXLIB concatenation must be properly protected.IBM z/OS RACF Security Technical Implementation Guide V-223678CAT IIBM RACF must limit write or greater access to all LPA libraries to system programmers only.IBM z/OS RACF Security Technical Implementation Guide V-223679CAT IIBM RACF must limit Write or greater access to libraries containing EXIT modules to system programmers only.IBM z/OS RACF Security Technical Implementation Guide V-223680CAT IIIBM RACF must limit WRITE or greater access to all system-level product installation libraries to system programmers.IBM z/OS RACF Security Technical Implementation Guide V-223681CAT IIIBM RACF must limit access to SYSTEM DUMP data sets to system programmers only.IBM z/OS RACF Security Technical Implementation Guide V-223682CAT IIBM RACF must limit WRITE or greater access to all APF-authorized libraries to system programmers only.IBM z/OS RACF Security Technical Implementation Guide V-223683CAT IIIBM RACF access to SYS1.LINKLIB must be properly protected.IBM z/OS RACF Security Technical Implementation Guide V-223684CAT IThe IBM RACF System REXX IRRPWREX security data set must be properly protected.IBM z/OS RACF Security Technical Implementation Guide V-223685CAT IIBM RACF security data sets and/or databases must be properly protected.IBM z/OS RACF Security Technical Implementation Guide V-223690CAT IIIBM RACF must limit WRITE or greater access to the JES2 System data sets (e.g., Spool, Checkpoint, and Initialization parameters) to system programmers only.IBM z/OS RACF Security Technical Implementation Guide V-223697CAT IIBM z/OS SYS1.PARMLIB must be properly protected.IBM z/OS RACF Security Technical Implementation Guide V-223826CAT IIIBM z/OS data sets for the Base TCP/IP component must be properly protected.IBM z/OS RACF Security Technical Implementation Guide V-223845CAT IIIBM z/OS UNIX MVS data sets or HFS objects must be properly protected.IBM z/OS RACF Security Technical Implementation Guide V-223846CAT IIIBM z/OS UNIX MVS data sets WITH z/OS UNIX COMPONENTS must be properly protected.IBM z/OS RACF Security Technical Implementation Guide V-223847CAT IIIBM z/OS UNIX HFS permission bits and audit bits for each directory must be properly protected.IBM z/OS RACF Security Technical Implementation Guide V-223848CAT IIIBM z/OS UNIX SYSTEM FILE SECURITY SETTINGS must be properly protected or specified.IBM z/OS RACF Security Technical Implementation Guide V-223849CAT IIIBM z/OS UNIX MVS data sets used as step libraries in /etc/steplib must be properly protected.IBM z/OS RACF Security Technical Implementation Guide V-223865CAT IIIBM z/OS HFS objects for the z/OS UNIX Telnet Server must be properly protected.IBM z/OS RACF Security Technical Implementation Guide V-223869CAT IIIBM z/OS System datasets used to support the VTAM network must be properly secured.IBM z/OS RACF Security Technical Implementation Guide V-223870CAT IIIBM z/OS VTAM USSTAB definitions must not be used for unsecured terminals.IBM z/OS RACF Security Technical Implementation Guide V-235033CAT IIIBM RACF must limit WRITE or greater access to LINKLIST libraries to system programmers only.IBM z/OS RACF Security Technical Implementation Guide V-255939CAT IIIBM Integrated Crypto Service Facility (ICSF) STC data sets must be properly protected.IBM z/OS RACF Security Technical Implementation Guide V-223882CAT IIBM z/OS SYS1.PARMLIB must be properly protected.IBM z/OS TSS Security Technical Implementation Guide V-223893CAT IICA-TSS access to SYS1.LINKLIB must be properly protected.IBM z/OS TSS Security Technical Implementation Guide V-223894CAT ICA-TSS must limit Write or greater access to SYS1.SVCLIB to system programmers only.IBM z/OS TSS Security Technical Implementation Guide V-223895CAT ICA-TSS must limit Write or greater access to SYS1.IMAGELIB to system programmers only.IBM z/OS TSS Security Technical Implementation Guide V-223896CAT ICA-TSS must limit Write or greater access to SYS1.LPALIB to system programmers only.IBM z/OS TSS Security Technical Implementation Guide V-223897CAT ICA-TSS must limit WRITE or greater access to all APF-authorized libraries to system programmers only.IBM z/OS TSS Security Technical Implementation Guide V-223898CAT IIBM z/OS libraries included in the system REXXLIB concatenation must be properly protected.IBM z/OS TSS Security Technical Implementation Guide V-223899CAT ICA-TSS must limit Write or greater access to all LPA libraries to system programmers only.IBM z/OS TSS Security Technical Implementation Guide V-223900CAT ICA-TSS must limit Write or greater access to SYS1.NUCLEUS to system programmers only.IBM z/OS TSS Security Technical Implementation Guide V-223901CAT IIICA-TSS must limit Write or greater access to libraries that contain PPT modules to system programmers only.IBM z/OS TSS Security Technical Implementation Guide V-223902CAT IICA-TSS must limit WRITE or greater access to LINKLIST libraries to system programmers only.IBM z/OS TSS Security Technical Implementation Guide V-223903CAT ICA-TSS security data sets and/or databases must be properly protected.IBM z/OS TSS Security Technical Implementation Guide V-223906CAT IICA-TSS must limit WRITE or greater access to all system-level product installation libraries to system programmers only.IBM z/OS TSS Security Technical Implementation Guide V-223907CAT IICA-TSS must limit WRITE or greater access to the JES2 System data sets (e.g., Spool, Checkpoint, and Initialization parameters) to system programmers only.IBM z/OS TSS Security Technical Implementation Guide