Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-223711 | RACF-ES-000640 | SV-223711r991589_rule | Medium |
Description |
---|
Configuring the operating system to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements. Configuration settings are the set of parameters that can be changed in hardware, software, or firmware components of the system that affect the security posture and/or functionality of the system. Security-related parameters are those parameters impacting the security state of the system, including the parameters required to satisfy other security control requirements. Security-related parameters include, for example: registry settings; account, file, directory permission settings; and settings for functions, ports, protocols, services, and remote connections. |
STIG | Date |
---|---|
IBM z/OS RACF Security Technical Implementation Guide | 2024-06-24 |
Check Text ( C-25384r514821_chk ) |
---|
Ask the system administrator to determine that procedures exist to back up the security data base and files. Have the system administrator identify the dataset names and frequency of the backups. If, based on the information provided, it can be determined that the ESM database is being backed up on a regularly scheduled basis, this is not a finding. If it cannot be determined that the ESM database is being backed up on a regularly scheduled basis, this is a finding. |
Fix Text (F-25372r514822_fix) |
---|
Develop procedures to back up all ACP files needed for recovery on a scheduled basis. Identify the ACP database and ensure that documented processes are in place to back up its contents on a regularly scheduled basis. At a minimum, this should include nightly backup of the ACP databases and of other critical security files (such as the ACP parameter file). More frequent backups (two or three times daily) will reduce the time necessary to effect recovery. The ISSO will verify that the backup job(s) run successfully. |