
IBM z/OS Started Tasks must be properly identified and defined to ACF2.


Overview

Finding ID: V-223485
Version: ACF2-ES-000670
Rule ID: SV-223485r877342_rule
IA Controls:
Severity: Medium
Description
Started procedures have system generated job statements that do not contain the user, group, or password statements. To enable the started procedure to access the same protected resources that users and groups access, started procedures must have an associated USERID. If a USERID is not associated with the started procedure, the started procedure will not have access to the resources. To ensure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system.
STIG Date
IBM z/OS ACF2 Security Technical Implementation Guide 2022-12-14

Details

Check Text ( C-25158r877322_chk )
Refer to the site security plan, the system administrator, and system libraries to determine the list of started tasks available on the system.

From the ACF command screen enter:
SET LID
SET VERBOSE
LIST IF(STC)

If all logonids identified as started tasks have the STC attribute specified, this is not a finding.
Fix Text (F-25146r504565_fix)
All started tasks will be assigned an individual logonid. The logonid for a Started Task Control (STC) will be granted the minimum privileges necessary for the STC to function. In addition to the default LID field settings, all STC logonids will have the following field setting:

STC

Example:
SET LID
INSERT logonid STC
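
The comparison the Check Text asks for can be scripted once the two lists are in hand. The following is an added example, not part of the STIG or of ACF2: it reconciles a started-task inventory against the logonids returned by LIST IF(STC). The input formats, the sample data and the function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data. Formats are assumptions, not ACF2 output:
#   INVENTORY: "PROCNAME [LOGONID]" per line, from the site security plan
#   STC_LIDS:  logonids returned by LIST IF(STC), one per line
INVENTORY = """\
* procname logonid
JES2     JES2
VTAM     VTAM
TCPIP    TCPIP
FTPD     TCPIP
DB2MSTR  db2stc
CICSA
"""
STC_LIDS = "JES2\nVTAM\nTCPIP\n"


def _rows(text):
    """Yield upper-cased, whitespace-split rows, skipping blanks and '*' comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("*"):
            yield line.upper().split()


def review(inventory, stc_lids):
    """Return the discrepancies between the inventory and the STC logonids."""
    stc = {row[0] for row in _rows(stc_lids)}
    procs_by_lid = defaultdict(set)
    unassigned = []
    for row in _rows(inventory):
        if len(row) < 2:
            unassigned.append(row[0])      # started task with no logonid
        else:
            procs_by_lid[row[1]].add(row[0])
    return {
        "unassigned": sorted(unassigned),
        "missing_stc": sorted(l for l in procs_by_lid if l not in stc),
        # Fix Text: each started task gets an individual logonid
        "shared": {l: sorted(p) for l, p in procs_by_lid.items() if len(p) > 1},
    }


def is_finding(result):
    """Finding if a started task has no logonid or its logonid lacks STC."""
    return bool(result["unassigned"] or result["missing_stc"])


if __name__ == "__main__":
    result = review(INVENTORY, STC_LIDS)
    print(result, "FINDING" if is_finding(result) else "not a finding")
```

Logonids reported under "shared" do not fail the Check Text by themselves, but they deviate from the Fix Text requirement that each started task has an individual logonid.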