There are no procedures to utilize the LOGONID with the REFRESH attribute.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-170 | ACF0730 | SV-170r2_rule | DCCS-1 DCCS-2 | Low |
| Description |
|---|
| Individuals could effect unauthorized or inadvertent changes to ACP global system options. This could result in the compromise of the confidentiality, integrity, and availability of the operating system, ACP, or customer data. |
| STIG | Date |
|---|---|
| z/OS ACF2 STIG | 2019-12-12 |
Details
| Check Text ( C-17892r1_chk ) |
|---|
| a) Refer to the following report produced by the ACF2 Data Collection: - ACF2CMDS.RPT(ATTREFSH) b) If procedures exist in accordance with the STIG requirements to utilize the logonid with the REFRESH attribute to refresh ACF2 global options, there is NO FINDING. Example: When the IAO determines it necessary to refresh the ACF2 global options, the IAO will do the following: 1) Activate the REFRESH ID with the following setting(s): NOSUSPEND NOPSWD EXP PASSWORD(new password) 2) Instruct Operations to perform the REFRESH. 3) Deactivate the REFRESH ID with the following setting: SUSPEND c) If no procedures exist in accordance with the STIG requirements to utilize the logonid with the REFRESH attribute to refresh ACF2 global options, this is a FINDING. |
| Fix Text (F-324r1_fix) |
|---|
| The IAO will ensure procedures and documentation as defined below only exists for the use of Logonids with the refresh attribute. Review security procedures for defining LOGONIDs and ensure documentation includes requirements for the LOGONID associated with the REFRESH attribute. Example: When the IAO determines it necessary to refresh the ACF2 global options, the IAO will do the following: 1) Activate the REFRESH ID with the following setting(s): NOSUSPEND NOPSWD EXP PASSWORD(new password) 2) Instruct Operations to perform the REFRESH. 3) Deactivate the REFRESH ID with the following setting: SUSPEND |