Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-6976 | ZUSS0032 | SV-7279r2_rule | DCCS-1 DCCS-2 ECCD-1 ECCD-2 | Medium |
Description |
---|
For the z/OS UNIX environment, there are MVS data sets that contain operating system components, MVS data sets that contain HFS file systems with operating system components, and MVS data sets that contain HFS file systems with application system and user data. All of these MVS data sets require definitions in the ACP to enforce desired access controls. In addition, the UNIX permission bits must be properly set on the HFS directories and files to enforce desired access controls. |
STIG | Date |
---|---|
z/OS ACF2 STIG | 2018-01-05 |
Check Text ( C-20983r1_chk ) |
---|
a) Refer to the following report produced by the ACP Data Collection: - SENSITVE.RPT(USSRPT) Automated Analysis Refer to the following report produced by the Data Set and Resource Data Collection: - PDI(ZUSS0032) b) If the ACP data set rules for each of the data sets listed in the MVS DATA SETS WITH z/OS UNIX COMPONENTS Table in the z/OS STIG Addendum restrict UPDATE and ALLOCATE access to systems programming personnel, there is NO FINDING. c) If (b) above is untrue, this is a FINDING. |
Fix Text (F-18951r1_fix) |
---|
Verify that the ACP data set rules for each of the data sets listed in the specified table in the z/OS STIG Addendum under MVS DATA SETS WITH z/OS UNIX COMPONENTS restrict UPDATE and ALLOCATE access to systems programming personnel. The data sets designated as distribution data sets should have all access restricted to systems programming personnel. TSO/E users who also use z/OS UNIX should have read access to the SYS1.SBPX* data sets. Read access for all users to the remaining target data sets is at the site’s discretion. All other access must be restricted to systems programming personnel. |