UCF STIG Viewer Logo

There are maintenance LOGONIDs that do not have corresponding GSO MAINT records.


Overview

Finding ID Version Rule ID IA Controls Severity
V-166 ACF0660 SV-166r2_rule DCCS-1 DCCS-2 Low
Description
Users may execute programs without ACP security checking or auditing. This could result in the compromise of the confidentiality, integrity, and availability of the operating system, ACP, and customer data.
STIG Date
z/OS ACF2 STIG 2019-12-12

Details

Check Text ( C-257r1_chk )
a) Refer to the following reports produced by the ACF2 Data Collection:

- ACF2CMDS.RPT(ACFGSO)
- ACF2CMDS.RPT(ATTMAINT)

Automated Analysis
Refer to the following report produced by the ACF2 Data Collection Checklist:

- PDI(ACF0660)

b) If every maintenance logonid has a corresponding GSO MAINT record, there is NO FINDING.

c) If any maintenance logonid does not have a corresponding GSO MAINT record, this is a FINDING.
Fix Text (F-27346r1_fix)
The IAO will ensure that an associated GSO maintenance record exists for each special user logonid identifying the program(s) that it is permitted to access and the library where the program(s) resides.

An associated GSO MAINT record will exist for each special user logonid, identifying the program(s) that it is permitted to access and the library where the program(s) resides.

Every maintenance logonid has a corresponding GSO MAINT record.

Example:

SET C(GSO)
INSERT MAINT.DFSMSHSM LIBRARY(SYS1.LINKLIB) LID(HSMDFDSS) PGM(ADRDSSU)

F ACF2,REFRESH(MAINT)