UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

LOGONIDs must not be defined to SYS1.UADS for non-emergency use.


Overview

Finding ID Version Rule ID IA Controls Severity
V-184 ZTSO0020 SV-184r3_rule DCCS-1 DCCS-2 ECCD-1 ECCD-2 High
Description
SYS1.UADS is a dataset where LOGONIDs will be maintained with applicable password information when the ACP is not functional. If an unauthorized user has access to SYS1.UADS, they could enter their LOGONID and password into the SYS1.UADS dataset and could give themselves all special attributes on the system. This could enable the user to bypass all security and alter data. They could modify the audit trail information so no trace of their activity could be found.
STIG Date
z/OS ACF2 STIG 2017-03-22

Details

Check Text ( C-20973r1_chk )
a) Refer to the following report produced by the z/OS Data Collection:

- EXAM.RPT(TSOUADS)

Please provide a list of all emergency userids available to the site along with the associated function of each.

b) If SYS1.UADS userids are limited and reserved for emergency purposes only, there is NO FINDING.

c) If any SYS1.UADS userids are assigned for other than emergency purposes, this is a FINDING.
Fix Text (F-18939r1_fix)
The system programmer and IAO will examine the SYS1.UADS entries to ensure LOGONIDs defined include only those users required to support specific functions related to system recovery. Evaluate the impact of accomplishing the change.