STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 1 hour ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to STIGs

IBM zSecure Suite Security Technical Implementation Guide

Version

V1R3

Release Date

Mar 5, 2025

SCAP Benchmark ID

IBM_zSecure_Suite_STIG

Total Checks

11

Tags

other
CAT I: 0CAT II: 11CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKLExport CSVExport JSONDownload STIG ZIP

Checks (11)

V-259728MEDIUMAccess to IBM Security zSecure installation data sets must be properly restricted and logged.V-259729MEDIUMAccess to IBM Security zSecure STC data sets must be properly restricted and logged.V-259730MEDIUMAccess to IBM Security zSecure user data sets must be properly restricted and logged.V-259731MEDIUMStarted tasks for IBM Security zSecure products must be properly defined.V-259732MEDIUMAccess to IBM Security zSecure program resources must be limited to authorized users.V-259733MEDIUMIBM Security zSecure must prevent nonprivileged users from executing privileged zSecure functions.V-259734MEDIUMThe IBM Security zSecure programs CKFCOLL and CKGRACF, and the APF-authorized version of program CKRCARLA, must be restricted to security administrators, security batch jobs performing External Security Manager (ESM) maintenance, auditors, and systems programmers, and must be audited.V-259735MEDIUMIBM Security zSecure must implement organization-defined automated security responses if baseline zSecure configurations are changed in an unauthorized manner.V-259736MEDIUMIBM Security zSecure must remove all upgraded/replaced zSecure software components that are no longer required for operation after updated versions have been installed.V-259737MEDIUMIBM Security zSecure system administrators must install security-relevant zSecure software updates within the time period directed by an authoritative source (e.g., IAVMs, CTOs, DTMs, and STIGs).V-259738MEDIUMXFACILIT class, or alternate class if specified in module CKRSITE, must be active.