UCF STIG Viewer Logo

IBM z/OS DFSMS control data sets must reside on separate storage volumes.


Overview

Finding ID Version Rule ID IA Controls Severity
V-223559 ACF2-OS-000230 SV-223559r533198_rule Medium
Description
Configuration settings are the set of parameters that can be changed in hardware, software, or firmware components of the system that affect the security posture and/or functionality of the system. Security-related parameters are those parameters impacting the security state of the system, including the parameters required to satisfy other security control requirements. Security-related parameters include, for example: registry settings; account, file, directory permission settings; and settings for functions, ports, protocols, services, and remote connections.
STIG Date
IBM z/OS ACF2 Security Technical Implementation Guide 2022-01-05

Details

Check Text ( C-25232r504704_chk )
Review the logical parmlib data sets, example: SYS1.PARMLIB(IGDSMSxx), to identify the fully qualified file names for the following SMS data sets:
Active Control Data Set (ACDS)
Communications Data Set (COMMDS)

If the COMMDS and ACDS SMS data sets identified above reside on different volumes, this is not a finding.

If the COMMDS and ACDS SMS data sets identified above are collocated on the same volume, this is a finding.
Fix Text (F-25220r504705_fix)
Allocate the primary and backup SMS Control data sets on separate volumes.

Source Control Data Set (SCDS) contains a SMS configuration, which defines a storage management policy.

Active Control Data Set (ACDS) contains a copy of the most recently activated configuration. All systems in a SMS complex use this configuration to manage storage.

Communications Data Set (COMMDS) contains the name of the ACDS containing the currently active storage management policy, the current utilization statistics for each system managed volume, and other system information.

The ACDS data set will reside on a different volume than the COMMDS data set.

Allocate backup copies of the ADCS and COMMDS data sets on a different shared volume from the primary ACDS and COMMDS data sets.