
STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

Mainframe Product Security Requirements Guide

Version: V3R4

Release Date: Sep 10, 2025

SCAP Benchmark ID: Mainframe_Product_SRG

Total Checks: 194

Tags: other

Severity breakdown: CAT I (HIGH): 3, CAT II (MEDIUM): 191, CAT III (LOW): 0

This Security Requirements Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.


Checks (194)

  • V-205439 (MEDIUM): The Mainframe Product must limit the number of concurrent sessions to three for all accounts and/or account types.
  • V-205440 (MEDIUM): The Mainframe Product must conceal, via the session lock, information previously visible on the display with a publicly viewable image.
  • V-205441 (MEDIUM): The Mainframe Product must initiate a session lock after a 15-minute period of inactivity.
  • V-205442 (MEDIUM): The Mainframe Product must provide the capability for users to directly initiate a session lock.
  • V-205443 (MEDIUM): The Mainframe Product must retain the session lock until the user reestablishes access using established identification and authentication procedures.
  • V-205444 (MEDIUM): The Mainframe Product must use an external security manager for all account management functions.
  • V-205445 (MEDIUM): The Mainframe Product must automatically remove or disable temporary user accounts after 72 hours.
  • V-205446 (MEDIUM): The Mainframe Product must automatically disable accounts after 35 days of account inactivity.
  • V-205447 (MEDIUM): The Mainframe Product must automatically audit account creation.
  • V-205448 (MEDIUM): The Mainframe Product must automatically audit account modification.
  • V-205449 (MEDIUM): The Mainframe Product must automatically audit account disabling actions.
  • V-205450 (MEDIUM): The Mainframe Product must automatically audit account removal actions.
  • V-205451 (MEDIUM): The Mainframe Product must enforce approved authorizations for logical access to sensitive information and system resources in accordance with applicable access control policies.
  • V-205452 (MEDIUM): The Mainframe Product must enforce approved authorizations for security administrator access to sensitive information and system resources in accordance with applicable access control policies.
  • V-205453 (MEDIUM): The Mainframe Product must enforce approved authorizations for system programmer access to sensitive information and system resources in accordance with applicable access control policies.
  • V-205454 (MEDIUM): The Mainframe Product must enforce approved authorizations for controlling the flow of information within the system based on site security plan information flow control policies.
  • V-205455 (MEDIUM): The Mainframe Product must enforce the limit of three consecutive invalid logon attempts by a user during a 15 minute time period.
  • V-205456 (MEDIUM): Mainframe Products scanning for malicious code must scan all media used for system maintenance prior to use.
  • V-205457 (MEDIUM): The Mainframe Product must protect against an individual (or process acting on behalf of an individual) falsely denying having performed actions defined in the site security plan to be covered by non-repudiation.
  • V-205458 (MEDIUM): For Mainframe Products providing audit record aggregation, the Mainframe Product must compile audit records from mainframe components into a system-wide audit trail that is time-correlated with a tolerance for the relationship between time stamps of individual records in the audit trail in accordance with the site security plan.
  • V-205459 (MEDIUM): The Mainframe Product must provide audit record generation capability for DoD-defined auditable events within all application components.
  • V-205460 (MEDIUM): The Mainframe Product must allow only the information system security manager (ISSM) or individuals or roles appointed by the ISSM to select which auditable events are to be audited.
  • V-205461 (MEDIUM): The Mainframe Product must generate audit records when successful/unsuccessful attempts to access privileges occur.
  • V-205462 (MEDIUM): The Mainframe Product must initiate session auditing upon startup.
  • V-205464 (MEDIUM): The Mainframe Product must produce audit records containing information to establish what type of events occurred.
  • V-205465 (MEDIUM): The Mainframe Product must produce audit records containing information to establish when (date and time) the events occurred.
  • V-205466 (MEDIUM): The Mainframe Product must produce audit records containing information to establish where the events occurred.
  • V-205467 (MEDIUM): The Mainframe Product must produce audit records containing information to establish the source of the events.
  • V-205468 (MEDIUM): The Mainframe Product must produce audit records containing information to establish the outcome of the events.
  • V-205469 (MEDIUM): The Mainframe Product must generate audit records containing information to establish the identity of any individual or process associated with the event.
  • V-205470 (MEDIUM): The Mainframe Product must generate audit records containing the full-text recording of privileged commands or the individual identities of group account users.
  • V-205471 (MEDIUM): The Mainframe Product must alert the system administrator (SA) and information system security officer (ISSO) (at a minimum) in the event of an audit processing failure.
  • V-205473 (MEDIUM): The Mainframe Product must provide the capability to centrally review and analyze audit records from multiple components within the system.
  • V-205474 (MEDIUM): The Mainframe Product must prevent the execution of prohibited mobile code.
  • V-205475 (MEDIUM): The Mainframe Products must provide the capability to filter audit records for events of interest as defined in site security plan.
  • V-205476 (MEDIUM): The Mainframe Products must use internal system clocks to generate time stamps for audit records.
  • V-205477 (MEDIUM): The Mainframe Product must protect audit information from any type of unauthorized read access.
  • V-205478 (MEDIUM): The Mainframe Product must protect audit information from unauthorized modification.
  • V-205479 (MEDIUM): The Mainframe Product must protect audit information from unauthorized deletion.
  • V-205480 (MEDIUM): The Mainframe Product must protect audit tools from unauthorized access.
  • V-205481 (MEDIUM): The Mainframe Product must protect audit tools from unauthorized modification.
  • V-205482 (MEDIUM): The Mainframe Product must protect audit tools from unauthorized deletion.
  • V-205483 (MEDIUM): The Mainframe Product must prevent the installation of patches, service packs, or application components without verification that the software component has been digitally signed using a certificate that is recognized and approved by the organization.
  • V-205484 (MEDIUM): The Mainframe Product must limit privileges to change the Mainframe Product installation datasets to system programmers and authorized users in accordance with applicable access control policies.
  • V-205485 (MEDIUM): The Mainframe Product must limit privileges to change Mainframe Product started task and job datasets to system programmers and authorized users in accordance with applicable access control policies.
  • V-205486 (MEDIUM): The Mainframe Product must limit privileges to change Mainframe Product user datasets to authorized individuals.
  • V-205487 (MEDIUM): The Mainframe Product must be configured to disable non-essential capabilities.
  • V-205488 (MEDIUM): The Mainframe Product must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).
  • V-205489 (MEDIUM): The Mainframe Product must use multifactor authentication for network access to privileged accounts.
  • V-205490 (MEDIUM): The Mainframe Product must use multifactor authentication for network access to non-privileged accounts.
  • V-205491 (MEDIUM): The Mainframe Product must use multifactor authentication for local access to privileged accounts.
  • V-205492 (MEDIUM): The Mainframe Product must use multifactor authentication for local access to nonprivileged accounts.
  • V-205493 (MEDIUM): The Mainframe Product must verify users are authenticated with an individual authenticator prior to using a group authenticator.
  • V-205494 (MEDIUM): The Mainframe Product must enforce a minimum 15-character password length.
  • V-205496 (MEDIUM): The Mainframe Product must enforce password complexity by requiring that at least one uppercase character be used.
  • V-205497 (MEDIUM): The Mainframe Product must enforce password complexity by requiring that at least one lowercase character be used.
  • V-205498 (MEDIUM): The Mainframe Product must enforce password complexity by requiring that at least one numeric character be used.
  • V-205499 (MEDIUM): The Mainframe Product must enforce password complexity by requiring that at least one special character be used.
  • V-205500 (MEDIUM): The Mainframe Product must require the change of at least eight of the total number of characters when passwords are changed.
  • V-205501 (MEDIUM): The Mainframe Product must store only cryptographically protected passwords.
  • V-205502 (MEDIUM): The Mainframe Product must transmit only cryptographically protected passwords.
  • V-205503 (MEDIUM): The Mainframe Product must enforce 24 hours/1 day as the minimum password lifetime.
  • V-205504 (MEDIUM): The Mainframe Product must enforce a 60-day maximum password lifetime restriction.
  • V-205505 (MEDIUM): The Mainframe Product, when using PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
  • V-205506 (MEDIUM): The Mainframe Product, when using PKI-based authentication, must enforce authorized access to the corresponding private key.
  • V-205507 (MEDIUM): The Mainframe Product must map the authenticated identity to the individual user or group account for PKI-based authentication.
  • V-205508 (MEDIUM): The Mainframe Product must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.
  • V-205509 (MEDIUM): The Mainframe Product must use mechanisms meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.
  • V-205510 (MEDIUM): The Mainframe Product must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).
  • V-205511 (MEDIUM): The Mainframe Product must provide an audit reduction capability that supports on-demand reporting requirements.
  • V-205513 (MEDIUM): The Mainframe Product must identify prohibited mobile code.
  • V-205514 (MEDIUM): The Mainframe Product must block, quarantine, and/or alert system administrators when prohibited mobile code is identified.
  • V-205515 (MEDIUM): The Mainframe Product must prevent the download of prohibited mobile code.
  • V-205516 (MEDIUM): The Mainframe Product must prevent the automatic execution of mobile code in, at a minimum, office applications, browsers, email clients, mobile code run-time environments, and mobile agent systems.
  • V-205517 (MEDIUM): The Mainframe Product must separate user functionality (including user interface services) from information system management functionality.
  • V-205518 (MEDIUM): The Mainframe Product must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.
  • V-205519 (MEDIUM): In the event of application failure, Mainframe Products must preserve any information necessary to determine the cause of failure and any information necessary to return to operations with the least disruption to mission processes.
  • V-205520 (MEDIUM): The Mainframe Product must protect the confidentiality and integrity of all information at rest.
  • V-205521 (MEDIUM): The Mainframe Product must isolate security functions from nonsecurity functions.
  • V-205522 (MEDIUM): The Mainframe Product must be configured such that emergency accounts are never automatically removed or disabled.
  • V-205523 (MEDIUM): The Mainframe Product must check the validity of all data inputs except those specifically identified by the organization.
  • V-205524 (MEDIUM): The Mainframe Product must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
  • V-205525 (MEDIUM): The Mainframe Product must reveal full-text detail error messages only to system programmers and/or security administrators.
  • V-205526 (MEDIUM): The Mainframe Product must update malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy.
  • V-205527 (MEDIUM): The Mainframe product must notify the system programmer and security administrator of failed security verification tests.
  • V-205528 (MEDIUM): The Mainframe Product must update malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management procedures.
  • V-205529 (MEDIUM): The Mainframe Product must configure malicious code protection mechanisms to perform periodic scans of the information system every seven days.
  • V-205530 (MEDIUM): The Mainframe Product must use cryptographic mechanisms to protect the integrity of audit tools.
  • V-205531 (MEDIUM): The Mainframe Product must notify system programmers and security administrators when accounts are created.
  • V-205532 (MEDIUM): The Mainframe Product must notify system programmers and security administrators when accounts are modified.
  • V-205533 (MEDIUM): The Mainframe Product must notify system programmers and security administrators for account disabling actions.
  • V-205534 (MEDIUM): The Mainframe Product must notify system programmers and security administrators for account removal actions.
  • V-205535 (MEDIUM): The Mainframe Product must automatically terminate a user session after conditions, as defined in site security plan, are met or trigger events requiring session disconnect.
  • V-205536 (MEDIUM): Mainframe Products requiring user access authentication must provide a logoff capability for a user-initiated communication session.
  • V-205537 (MEDIUM): The Mainframe Product must display an explicit logoff message to users indicating the reliable termination of authenticated communications sessions.
  • V-205538 (MEDIUM): The Mainframe Product must associate types of security attributes having security attribute values as defined in site security plan with information in storage.
  • V-205539 (MEDIUM): The Mainframe Product must associate types of security attributes having security attribute values as defined in site security plan with information in process.
  • V-205540 (MEDIUM): The Mainframe Product must terminate shared/group account credentials when members leave the group.
  • V-205541 (MEDIUM): The Mainframe Product must automatically audit account enabling actions.
  • V-205542 (MEDIUM): The Mainframe Product must notify system programmers and security administrators of account enabling actions.
  • V-205543 (MEDIUM): The Mainframe Product must enforce organization-defined discretionary access control policies over defined subjects and objects.
  • V-205544 (MEDIUM): The Mainframe Product must prevent non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.
  • V-205545 (MEDIUM): The Mainframe Product must prevent software as identified in the site security plan from executing at higher privilege levels than users executing the software.
  • V-205546 (MEDIUM): The Mainframe Product must audit the execution of privileged functions.
  • V-205547 (MEDIUM): The Mainframe Product must automatically lock the account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded.
  • V-205553 (MEDIUM): The mainframe product must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.
  • V-205554 (MEDIUM): The Mainframe Product must off-load audit records onto a different system or media than the system being audited.
  • V-205555 (MEDIUM): The Mainframe Product must provide an immediate warning to the system programmer and security administrator (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.
  • V-205556 (MEDIUM): The Mainframe Product must provide an immediate real-time alert to the operations staff, system programmers, and/or security administrators, at a minimum, of all audit failure events requiring real-time alerts.
  • V-205557 (MEDIUM): The Mainframe Product must provide an audit reduction capability that supports on-demand audit review and analysis.
  • V-205558 (MEDIUM): The Mainframe Product must provide an audit reduction capability that supports after-the-fact investigations of security incidents.
  • V-205559 (MEDIUM): The Mainframe Product must provide a report generation capability that supports on-demand audit review and analysis.
  • V-205560 (MEDIUM): The Mainframe Product must provide a report generation capability that supports on-demand reporting requirements.
  • V-205561 (MEDIUM): The Mainframe Product must provide a report generation capability that supports after-the-fact investigations of security incidents.
  • V-205562 (MEDIUM): The Mainframe Product must provide an audit reduction capability that does not alter original content or time ordering of audit records.
  • V-205563 (MEDIUM): The Mainframe Product must provide a report generation capability that does not alter original content or time ordering of audit records.
  • V-205564 (MEDIUM): The Mainframe product must prohibit user installation of software without explicit privileged status.
  • V-205565 (MEDIUM): The Mainframe Product must implement organization-defined automated security responses if baseline configurations are changed in an unauthorized manner.
  • V-205566 (MEDIUM): The Mainframe Product must enforce access restrictions associated with changes to application configuration.
  • V-205567 (MEDIUM): The Mainframe Product must audit the enforcement actions used to restrict access associated with changes to the application.
  • V-205570 (MEDIUM): The Mainframe Product must accept Personal Identity Verification (PIV) credentials.
  • V-205571 (MEDIUM): The Mainframe Product must electronically verify Personal Identity Verification (PIV) credentials.
  • V-205573 (MEDIUM): The Mainframe Product must prohibit the use of cached authenticators after one hour.
  • V-205574 (MEDIUM): The Mainframe Product must accept Personal Identity Verification (PIV) credentials from other federal agencies.
  • V-205575 (MEDIUM): The Mainframe Product must electronically verify Personal Identity Verification (PIV) credentials from other federal agencies.
  • V-205576 (MEDIUM): The Mainframe Product must accept Federal Identity, Credential, and Access Management (FICAM)-approved third-party credentials.
  • V-205577 (MEDIUM): The Mainframe Product must conform to Federal Identity, Credential, and Access Management (FICAM)-issued profiles.
  • V-205578 (MEDIUM): Mainframe Products must audit nonlocal maintenance and diagnostic sessions audit events as defined in site security plan.
  • V-205579 (MEDIUM): Mainframe Products must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications.
  • V-205580 (MEDIUM): Mainframe Products must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications.
  • V-205581 (MEDIUM): Mainframe Products must verify remote disconnection at the termination of nonlocal maintenance and diagnostic sessions.
  • V-205582 (MEDIUM): The Mainframe Product must implement privileged access authorization to all information systems and infrastructure components for selected vulnerability scanning activities as defined in the site security plan.
  • V-205584 (HIGH): The Mainframe Product must implement cryptographic mechanisms to prevent unauthorized modification of all information not cleared for public release at rest on system components outside of organization facilities.
  • V-205585 (HIGH): The Mainframe Product must implement cryptographic mechanisms to prevent unauthorized disclosure of all information not cleared for public release at rest on system components outside of organization facilities.
  • V-205586 (MEDIUM): The Mainframe Product must maintain a separate execution domain for each executing process.
  • V-205587 (MEDIUM): The Mainframe Product must behave in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received.
  • V-205588 (MEDIUM): The Mainframe Product must implement security safeguards to protect its memory from unauthorized code execution.
  • V-205589 (MEDIUM): The Mainframe Product must remove all upgraded/replaced software components that are no longer required for operation after updated versions have been installed.
  • V-205590 (MEDIUM): The Mainframe Product must install security-relevant software updates within 30 days unless the time period is directed by an authoritative source (e.g., IAVM, CTOs, DTMs, STIGs).
  • V-205591 (MEDIUM): The Mainframe Product performing organization-defined security functions must verify correct operation of security functions.
  • V-205592 (MEDIUM): The Mainframe Product must perform verification of the correct operation of security functions upon system startup and/or restart; upon command by a user with privileged access; and/or every 30 days.
  • V-205593 (MEDIUM): The Mainframe Product must either shut down, restart, and/or notify the appropriate personnel when anomalies in the operation of the security functions as defined in site security plan are discovered.
  • V-205594 (MEDIUM): The Mainframe product must perform an integrity check of all software from vendors/sources that provide cryptographic mechanisms to enable the validation of code authenticity and integrity at startup, at transitional states as defined in site security plan or security-relevant events, or annually.
  • V-205595 (MEDIUM): The Mainframe Product must perform an integrity check of information as defined in site security plan at startup, at transitional states as defined in site security plan or security-relevant events, or annually.
  • V-205596 (MEDIUM): The Mainframe Product must automatically shut down the information system, restart the information system, and/or implement security safeguards as conditions as defined in site security plan when integrity violations are discovered.
  • V-205597 (MEDIUM): The Mainframe Product must audit detected potential integrity violations.
  • V-205598 (MEDIUM): The Mainframe Product, upon detection of a potential integrity violation, must initiate one or more of the following actions: generate an audit record, alert the current user, alert personnel or roles as defined in the site security plan, and/or perform other actions as defined in the SSP.
  • V-205599 (MEDIUM): The Mainframe Product must prompt the user for action prior to executing mobile code.
  • V-205600 (MEDIUM): The Mainframe Product must generate audit records when successful/unsuccessful attempts to access security objects occur.
  • V-205601 (MEDIUM): The Mainframe Product must generate audit records when successful/unsuccessful attempts to access security levels occur.
  • V-205602 (MEDIUM): The Mainframe Product must generate audit records when successful/unsuccessful attempts to access categories of information (e.g., classification levels) occur.
  • V-205603 (MEDIUM): The Mainframe Product must generate audit records when successful/unsuccessful attempts to modify privileges occur.
  • V-205604 (MEDIUM): The Mainframe Product must generate audit records when successful/unsuccessful attempts to modify security objects occur.
  • V-205605 (MEDIUM): The Mainframe Product must generate audit records when successful/unsuccessful attempts to modify security levels occur.
  • V-205606 (MEDIUM): The Mainframe Product must generate audit records when successful/unsuccessful attempts to modify categories of information (e.g., classification levels) occur.
  • V-205607 (MEDIUM): The Mainframe Product must generate audit records when successful/unsuccessful attempts to delete privileges occur.
  • V-205608 (MEDIUM): The Mainframe Product must generate audit records when successful/unsuccessful attempts to delete security levels occur.
  • V-205609 (MEDIUM): The Mainframe Product must generate audit records when successful/unsuccessful attempts to delete security objects occur.
  • V-205610 (MEDIUM): The Mainframe Product must generate audit records when successful/unsuccessful attempts to delete categories of information (e.g., classification levels) occur.
  • V-205611 (MEDIUM): The Mainframe Product must generate audit records when successful/unsuccessful logon attempts occur.
  • V-205612 (MEDIUM): The Mainframe Product must generate audit records for privileged activities or other system-level access.
  • V-205613 (MEDIUM): The Mainframe Product must generate audit records showing starting and ending time for user access to the system.
  • V-205614 (MEDIUM): The Mainframe Product must generate audit records when concurrent logons from different workstations occur.
  • V-205615 (MEDIUM): The Mainframe Product must generate audit records when successful/unsuccessful accesses to objects occur.
  • V-205616 (MEDIUM): The Mainframe Product must generate audit records for all direct access to the information system.
  • V-205617 (MEDIUM): The Mainframe Product must generate audit records for all account creations, modifications, disabling, and termination events.
  • V-205618 (MEDIUM): The Mainframe Product must generate audit records for all kernel module load, unload, and restart events, and for all program initiations.
  • V-205619 (MEDIUM): The Mainframe Product must implement NIST FIPS-validated cryptography to provision digital signatures in accordance with applicable federal laws, Executive orders, directives, policies, regulations, and standards.
  • V-205620 (MEDIUM): The Mainframe Product must implement NIST FIPS-validated cryptography to generate and validate cryptographic hashes in accordance with applicable federal laws, Executive orders, directives, policies, regulations, and standards.
  • V-205621 (MEDIUM): The Mainframe Product must implement NIST FIPS-validated cryptography to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive orders, directives, policies, regulations, and standards.
  • V-205622 (MEDIUM): The Mainframe Product must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs.
  • V-219060 (MEDIUM): The Mainframe Product must provide the capability for authorized users to select a user session to capture/record or view/hear.
  • V-219061 (MEDIUM): The Mainframe Product must provide the capability for authorized users to remotely view/hear, in real time, all content related to an established user session from a component separate from the Mainframe Product being monitored.
  • V-253508 (MEDIUM): The Mainframe Product must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive orders, directives, policies, regulations, and standards.
  • V-263669 (MEDIUM): The Mainframe Product must disable accounts when the accounts have expired.
  • V-263670 (MEDIUM): The Mainframe Product must disable accounts when the accounts are no longer associated to a user.
  • V-263671 (MEDIUM): The Mainframe Product must implement the capability to centrally review and analyze audit records from multiple components within the system.
  • V-263672 (MEDIUM): The Mainframe Product must alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.
  • V-263673 (MEDIUM): The Mainframe Product must implement multifactor authentication for local; network; and/or remote access to privileged accounts; and/or nonprivileged accounts such that one of the factors is provided by a device separate from the system gaining access.
  • V-263674 (MEDIUM): The Mainframe Product must implement multifactor authentication for local; network; and/or remote access to privileged accounts; and/or nonprivileged accounts such that the device meets organization-defined strength of mechanism requirements.
  • V-263675 (MEDIUM): The Mainframe Product must, for password-based authentication, maintain a list of commonly used, expected, or compromised passwords on an organization-defined frequency.
  • V-263676 (MEDIUM): The Mainframe Product must, for password-based authentication, update the list of passwords on an organization-defined frequency.
  • V-263677 (MEDIUM): The Mainframe Product must, for password-based authentication, update the list of passwords when organizational passwords are suspected to have been compromised directly or indirectly.
  • V-263678 (MEDIUM): The Mainframe Product must, for password-based authentication, verify when users create or update passwords, that the passwords are not found on the list of commonly-used, expected, or compromised passwords in IA-5 (1) (a).
  • V-263679 (MEDIUM): The Mainframe Product must, for password-based authentication, require immediate selection of a new password upon account recovery.
  • V-263680 (MEDIUM): The Mainframe Product must, for password-based authentication, allow user selection of long passwords and passphrases, including spaces and all printable characters.
  • V-263681 (MEDIUM): The Mainframe Product must, for password-based authentication, employ automated tools to assist the user in selecting strong password authenticators.
  • V-263682 (MEDIUM): The Mainframe Product must for public key-based authentication, implement a local cache of revocation data to support path discovery and validation.
  • V-263683 (MEDIUM): The Mainframe Product must protect nonlocal maintenance sessions by separating the maintenance session from other network sessions with the system by logically separated communications paths.
  • V-263684 (MEDIUM): The Mainframe Product must include only approved trust anchors in trust stores or certificate stores managed by the organization.
  • V-263685 (MEDIUM): The Mainframe Product must provide protected storage for cryptographic keys with organization-defined safeguards and/or hardware protected key store.
  • V-263686 (MEDIUM): The Mainframe Product must synchronize system clocks within and between systems or system components.
  • V-263687 (MEDIUM): The Mainframe Product must compare the internal system clocks on an organization-defined frequency with organization-defined authoritative time source.
  • V-278990 (HIGH): The Mainframe Product must be a version supported by the vendor.
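The password-composition requirements (V-205494, V-205496 through V-205500, V-263678) and the failed-logon lockout requirements (V-205455, V-205547) are the checks in this SRG that translate most directly into enforcement logic, and the way a product implements them is where assessors find the gaps. The following Python is an added example written for this page; it is not DISA code and not part of the SRG or of any vendor's external security manager. Two points are assumptions rather than SRG text: "eight of the total number of characters changed" (V-205500) is measured as a position-by-position difference between the old and new password, and the account is locked on the third failure inside a 15-minute sliding window (the strictest reading of V-205455). The compromised-password list is a constructed sample; a real deployment loads and refreshes it per V-263675 through V-263677. Function and class names are hypothetical.

```python
"""Added example: reference enforcement logic for the Mainframe Product SRG
password-composition checks (V-205494, V-205496..V-205500, V-263678) and the
failed-logon lockout window (V-205455 / V-205547). Not DISA or vendor code."""

import string
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample of the organization-maintained list required by
# V-263675..V-263677; a real system loads it from a refreshed file.
COMPROMISED_PASSWORDS: Set[str] = {"Password123!", "Welcome2024!", "Mainframe1!"}


def changed_character_count(old: str, new: str) -> int:
    """Assumed interpretation of V-205500: count positions where the new
    password differs from the old one; any length difference counts as changed."""
    common = min(len(old), len(new))
    diffs = sum(1 for i in range(common) if old[i] != new[i])
    return diffs + abs(len(old) - len(new))


def password_policy_findings(new: str, old: Optional[str] = None) -> List[str]:
    """Return the V-IDs the candidate password would violate (empty list = compliant).
    Pass the previous password as `old` to evaluate V-205500 on a change."""
    findings: List[str] = []
    if len(new) < 15:                                            # V-205494
        findings.append("V-205494")
    if not any(c.isupper() for c in new):                        # V-205496
        findings.append("V-205496")
    if not any(c.islower() for c in new):                        # V-205497
        findings.append("V-205497")
    if not any(c.isdigit() for c in new):                        # V-205498
        findings.append("V-205498")
    if not any(c in string.punctuation for c in new):            # V-205499
        findings.append("V-205499")
    if old is not None and changed_character_count(old, new) < 8:  # V-205500
        findings.append("V-205500")
    if new in COMPROMISED_PASSWORDS:                             # V-263678
        findings.append("V-263678")
    return findings


@dataclass
class LogonFailureTracker:
    """Sliding-window counter of invalid logon attempts per user.

    Timestamps are Unix epoch seconds (what time.time() returns). The account
    is locked when `limit` failures fall inside `window_seconds` (V-205455,
    assumed: lock on the third failure) and stays locked until an administrator
    releases it (V-205547); a later successful authentication does not clear it.
    """
    limit: int = 3
    window_seconds: float = 15 * 60
    failures: Dict[str, List[float]] = field(default_factory=dict)
    locked: Set[str] = field(default_factory=set)

    def record_failure(self, user: str, at: float) -> bool:
        """Register a failed logon at time `at`; return True if the account is now locked."""
        if user in self.locked:
            return True
        # Keep only failures still inside the window, then add this one.
        recent = [t for t in self.failures.get(user, []) if at - t < self.window_seconds]
        recent.append(at)
        self.failures[user] = recent
        if len(recent) >= self.limit:
            self.locked.add(user)
            self.failures.pop(user, None)
        return user in self.locked

    def record_success(self, user: str) -> bool:
        """A successful logon resets the counter; it never unlocks a locked account."""
        if user in self.locked:
            return False
        self.failures.pop(user, None)
        return True

    def admin_release(self, user: str) -> None:
        """Only an administrator action clears the lock (V-205547)."""
        self.locked.discard(user)
        self.failures.pop(user, None)
```

The two assumptions are the ones to confirm against the product under review: some security managers count only consecutive failures regardless of time, and some measure V-205500 by character set rather than by position, either of which changes what the assessor should expect to see in a test.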