Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-235033 | RACF-ES-000030 | SV-235033r619949_rule | Medium |
Description |
---|
The primary function of the LINKLIST is to serve as a single repository for commonly used system modules. Failure to ensure that the proper set of libraries is designated for LINKLIST can impact system integrity, performance, and functionality. For this reason, controls must be employed to ensure that the correct set of LINKLIST libraries is used. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data. Satisfies: SRG-OS-000080-GPOS-00048, SRG-OS-000259-GPOS-00100, SRG-OS-000324-GPOS-00125 |
STIG | Date |
---|---|
IBM z/OS RACF Security Technical Implementation Guide | 2022-01-05 |
Check Text ( C-38221r619947_chk ) |
---|
From Any ISPF input line, enter: TSO ISRDDN LINKLIST If all of the following are untrue, this is not a finding. If any of the following is true, this is a finding. -The ACP data set rules for LINKLIST libraries do not restrict WRITE or greater access to only z/OS systems programming personnel. -The ACP data set rules for LINKLIST libraries do not specify that all (i.e., failures and successes) WRITE or greater access will be logged. |
Fix Text (F-38184r619948_fix) |
---|
Review access authorization to critical system files. Evaluate the impact of correcting the deficiency. Develop a plan of action and implement the changes as required to protect the LINKLIST libraries. Configure the WRITE or greater access to LINKLIST libraries to be limited to system programmers only and all WRITER or greater access is logged. |