Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-54 | ZJES0060 | SV-54r3_rule | DCCS-1 DCCS-2 ECCD-1 ECCD-2 IAGA-1 | Medium |
Description |
---|
Surrogate users have the ability to submit jobs on behalf of another user (the execution user) without specifying the execution user's password. Jobs submitted by surrogate users run with the identity of the execution user. Failure to properly control surrogate users could result in unauthorized personnel accessing sensitive resources. This exposure may threaten the integrity and availability of the operating system environment, and compromise the confidentiality of customer data. |
STIG | Date |
---|---|
z/OS ACF2 STIG | 2016-01-04 |
Check Text ( C-65485r2_chk ) |
---|
Refer to the following reports produced by the ACF2 Data Collection: - SENSITVE.RPT(SURROGAT) - ACF2CMDS.RPT(RESOURCE) – Alternate report - ACF2CMDS.RPT(ACFGSO) Review the ACFGSO report executionuserid.SUBMIT resources. These are usually defined to CLASMAP as TYPE(SUR). NOTE: If CLASMAP defines SURROGAT as anything other than TYPE(SUR), replace SUR below with the appropriate three letters. If no executionuserid.SUBMIT resources are defined to the SURROGAT resource class, this is not applicable. If executionuserid.SUBMIT resources are defined to the SURROGAT resource class, review resource rules for TYPE(SUR) if the following items are in effect this is not a finding. ___ All executionlogonid.SUBMIT resources defined to the SURROGAT class specify a default access of PREVENT. ___ All resource access is logged, except for scheduling tasks. ___ Access authorization is restricted to the minimum number of personnel required for running production jobs. |
Fix Text (F-70743r1_fix) |
---|
All executionuserid.SUBMIT resources defined to the SURROGAT resource class specify a default of no access; all access is logged unless it is a scheduling task and access authorization is restricted to the minimum number of personnel required for running production jobs. Ensure the CLASMAP defines SURROGAT as TYPE(SUR). NOTE: If CLASMAP defines SURROGAT as anything other than TYPE(SUR), replace SUR below with the appropriate three letters. Ensure the following items are in effect: 1) All executionlogonid.SUBMIT resources defined to the SURROGAT class specify a default access of PREVENT. 2) All resource access is logged except for scheduling tasks. 3) Access authorization is restricted to the minimum number of personnel required for running production jobs. Consider the following recommendations when implementing security for Executionuserid.SUBMIT resources: Keep the use of Executionuserid.SUBMIT resources outside of those granted to the scheduling software to a minimum number of individuals. The simplest configuration is to only use Executionuserid.SUBMIT for the appropriate Scheduling task/software for production scheduling purposes as documented. Temporary Cross Authorization of the production batch ACID to the scheduling tasks may be allowed for a period for testing by the appropriate specific production Support Team members. Authorization, eligibility and test period is determined by site policy. Access authorization is restricted to the minimum number of personnel required for running production jobs. However, Executionuserid.SUBMIT usage should not become the default for all jobs submitted by individual userids (i.e., system programmer shall use their assigned individual userids for software installation, duties, whereas using a Executionuserid.SUBMIT resource would normally be for scheduled batch production only and as such shall normally be limited to the scheduling task such as CONTROLM) and not granted as a normal daily basis to individual users. Example: $KEY(SRRAUDT) TYPE(SUR) SUBMIT UID(*******STC******CONTROLM) ALLOW - UID(*) PREVENT |