The LOGONID with the ACCTPRIV attribute must be restricted to the IAO.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-173 | ACF0770 | SV-173r2_rule | DCCS-1 DCCS-2 | Medium |
| Description |
|---|
| Individuals with the ACCTPRIV could add or delete users in SYS1.UADS and jeopardize the availability of the operating system, ACP, and customer data. |
| STIG | Date |
|---|---|
| z/OS ACF2 STIG | 2019-12-12 |
Details
| Check Text ( C-267r1_chk ) |
|---|
| Refer to the following report produced by the ACF2 Data Collection: - ACF2CMDS.RPT(ATTACPRV) Automated Analysis Refer to the following report produced by the ACF2 Data Collection: - PDI(ACF0770) Ensure that logonids with the ACCTPRIV attribute specified are assigned to the IAO. |
| Fix Text (F-228r1_fix) |
|---|
| The IAO will ensure Logonids with the ACCTPRIV attribute are only reserved for use by the IAOs and/or IAMs. The ACCTPRIV attribute cannot be scoped, and will be restricted exclusively to a site IAO: Example: SET LID CHANGE logonid ACCTPRIV |