UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

IBM z/OS Started Tasks must be properly identified and defined to ACF2.


Overview

Finding ID Version Rule ID IA Controls Severity
V-223485 ACF2-ES-000670 SV-223485r877342_rule Medium
Description
Started procedures have system generated job statements that do not contain the user, group, or password statements. To enable the started procedure to access the same protected resources that users and groups access, started procedures must have an associated USERID. If a USERID is not associated with the started procedure, the started procedure will not have access to the resources. To ensure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system.
STIG Date
IBM z/OS ACF2 Security Technical Implementation Guide 2023-09-19

Details

Check Text ( C-25158r877322_chk )
Refer to the site security plan, the system administrator, and system libraries to determine list of stated tasks available on the system.

From the ACF command screen enter:
SET LID
SET VERBOSE
LIST IF(STC)

If all logonids identified as started tasks have the STC attribute specified, this is not a finding.
Fix Text (F-25146r504565_fix)
All started tasks will be assigned an individual logonid. The logonid for a Started Task Control (STC) will be granted the minimum privileges necessary for the STC to function. In addition to the default LID field settings, all STC logonids will have the following field setting:

STC

Example:
SET LID
INSERT logonid STC