UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Update and allocate access to System backup files are not limited to system programmers and/or batch jobs that perform DASD backups.


Overview

Finding ID Version Rule ID IA Controls Severity
V-126 ACP00210 SV-126r2_rule CODB-1 DCCS-1 DCCS-2 ECCD-1 Medium
Description
System backup data sets are necessary for recovery of DASD resident data sets. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data.
STIG Date
z/OS ACF2 STIG 2018-04-04

Details

Check Text ( C-5027r1_chk )
a) Refer to the following report produced by the Data Set and Resource Data Collection:

- SENSITVE.RPT(BKUPRPT)

Automated Analysis
Refer to the following report produced by the Data Set and Resource Data Collection:

- PDI(ACP00210)

Collect from the storage management group the identification of the DASD backup files and all associated storage management userids/LIDs/ACIDs.

___ The ACP data set rules for system DASD backup files allow inappropriate access.

___ The ACP data set rules for system DASD backup files do not restrict UPDATE and ALLOCATE access to z/OS systems programming and/or batch jobs that perform DASD backups.

b) If both of the above are untrue, there is NO FINDING.

c) If either of the above is true, or if these data sets cannot be identified due to a lack of requested information, this is a FINDING.
Fix Text (F-17416r1_fix)
Obtain the high level indexes to backup datasets names and verify that their access is restricted by the System's ACP to System Programmers and batch jobs that perform the backups. If any other userids are specified, make sure that the IAO has documented justification for the access.