Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The LOGONID with the ACCTPRIV attribute must be restricted to the IAO.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-173 | ACF0770 | SV-173r2_rule | DCCS-1 DCCS-2 | Medium |
| Description |
|---|
| Individuals with the ACCTPRIV could add or delete users in SYS1.UADS and jeopardize the availability of the operating system, ACP, and customer data. |
| STIG | Date |
|---|---|
| z/OS ACF2 STIG | 2016-01-04 |
Details
| Check Text ( C-267r1_chk ) |
|---|
| Refer to the following report produced by the ACF2 Data Collection: - ACF2CMDS.RPT(ATTACPRV) Automated Analysis Refer to the following report produced by the ACF2 Data Collection: - PDI(ACF0770) Ensure that logonids with the ACCTPRIV attribute specified are assigned to the IAO. |
| Fix Text (F-228r1_fix) |
|---|
| The IAO will ensure Logonids with the ACCTPRIV attribute are only reserved for use by the IAOs and/or IAMs. The ACCTPRIV attribute cannot be scoped, and will be restricted exclusively to a site IAO: Example: SET LID CHANGE logonid ACCTPRIV |