Access to System page data sets (i.e., PLPA, COMMON, and LOCALx) are not limited to system programmers.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-128	ACP00230	SV-128r2_rule	DCCS-1 DCCS-2 ECCD-1 ECCD-2	Medium

Description
Page data sets hold individual pages of virtual storage when they are paged out of real storage. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data.

STIG	Date
z/OS ACF2 STIG	2019-12-12

Details

Check Text ( C-22933r1_chk )
a) Refer to the following report produced by the Data Set and Resource Data Collection: - SENSITVE.RPT(PGXXRPT) Automated Analysis Refer to the following report produced by the Data Set and Resource Data Collection: - PDI(ACP00230) ___ The ACP data set rules for system page data sets (PLPA, COMMON, and LOCAL) allow inappropriate access. ___ The ACP data set rules for system page data sets (PLPA, COMMON, and LOCAL) do not restrict access to only systems programming personnel. b) If both of the above are untrue, there is NO FINDING. c) If either of the above is true, this is a FINDING

Check Text ( C-22933r1_chk )

a) Refer to the following report produced by the Data Set and Resource Data Collection:

- SENSITVE.RPT(PGXXRPT)

Automated Analysis
Refer to the following report produced by the Data Set and Resource Data Collection:

- PDI(ACP00230)

___ The ACP data set rules for system page data sets (PLPA, COMMON, and LOCAL) allow inappropriate access.

___ The ACP data set rules for system page data sets (PLPA, COMMON, and LOCAL) do not restrict access to only systems programming personnel.

b) If both of the above are untrue, there is NO FINDING.

c) If either of the above is true, this is a FINDING

Fix Text (F-17419r1_fix)
Verify that the ACP data set rules for system page data sets (PLPA, COMMON, and LOCAL) restrict access to only systems programming personnel.