UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

IBM z/OS must not have duplicated sensitive utilities and/or programs existing in APF libraries.


Overview

Finding ID Version Rule ID IA Controls Severity
V-223787 RACF-OS-000310 SV-223787r604139_rule Low
Description
Removal of unneeded or non-secure functions, ports, protocols, and services mitigate the risk of unauthorized connection of devices, unauthorized transfer of information, or other exploitation of these resources.
STIG Date
IBM z/OS RACF Security Technical Implementation Guide 2024-02-22

Details

Check Text ( C-25460r515049_chk )
From an ISPF Command line enter:
TSO ISRDDN APF

An APF List results

On the command line enter:
DUPlicates (make sure there is appropriate access; if there is not you may receive insufficient access errors)

If any of the list of Sensitive Utilities exist in the duplicate APF modules return, this is a finding.

The following list contains Sensitive Utilities that will be checked.

AHLGTF AMASPZAP AMAZAP AMDIOCP AMZIOCP
BLSROPTR CSQJU003 CSQJU004 CSQUCVX CSQUTIL
CSQ1LOGP DEBE DITTO FDRZAPOP GIMSMP
HHLGTF ICKDSF ICPIOCP IDCSC01 IEHINITT
IFASMFDP IGWSPZAP IHLGTF IMASPZAP IND$FILE
IOPIOCP IXPIOCP IYPIOCP IZPIOCP WHOIS
L052INIT TMSCOPY TMSFORMT TMSLBLPR TMSMULV
TMSREMOV TMSTPNIT TMSUDSNB
Fix Text (F-25448r515050_fix)
Review and ensure that duplicate sensitive utility(ies) and/or program(s) do not exist in APF-authorized libraries. Identify all versions of the sensitive utilities contained in APF-authorized libraries listed in the above check. In cases where duplicates exist, ensure no exposure has been created and written justification has been filed with the ISSO.

Comparisons among all the APF libraries will be done to ensure that an exposure is not created by the existence of identically named modules. Address any sensitive utility concerns so that the function can be restricted as required.