UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The number of users granted the special privilege OPERATOR must be kept to a strictly controlled minimum.


Overview

Finding ID Version Rule ID IA Controls Severity
V-181 ACF0850 SV-181r3_rule Medium
Description
Users with this privilege can do anything from canceling jobs to disabling the entire system. This could result in the compromise of the confidentiality, integrity, and availability of the operating system, ACP, or customer data.
STIG Date
z/OS ACF2 STIG 2018-12-20

Details

Check Text ( C-18256r2_chk )
Refer to the following report produced by the ACF2 Data Collection:

- ACF2CMDS.RPT(ATTOPER)

Automated Analysis
Refer to the following report produced by the ACF2 Data Collection Checklist:

- PDI(ACF0850)

If the number of users granted the special privilege "OPERATOR" is strictly controlled and limited to systems programmer and operations personnel, this is NOT a finding.
Security managers may be granted this access at the discretion of the ISSM.

If the number of users granted the special privilege "OPERATOR" is not strictly controlled and limited to systems programmer, security manager or operations personnel, this is a finding.
Fix Text (F-17369r3_fix)
Ensure that access to the special privilege "OPERATOR" is kept to a minimum and limited to systems programmer, security manager and operations personnel.

Review all LOGONIDs with the "OPERATOR" attribute.