The number of users granted the special privilege OPERATOR must be kept to a strictly controlled minimum.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-181 | ACF0850 | SV-181r3_rule | Medium |
| Description |
|---|
| Users with this privilege can do anything from canceling jobs to disabling the entire system. This could result in the compromise of the confidentiality, integrity, and availability of the operating system, ACP, or customer data. |
| STIG | Date |
|---|---|
| z/OS ACF2 STIG | 2019-12-12 |
Details
| Check Text ( C-18256r2_chk ) |
|---|
| Refer to the following report produced by the ACF2 Data Collection: - ACF2CMDS.RPT(ATTOPER) Automated Analysis Refer to the following report produced by the ACF2 Data Collection Checklist: - PDI(ACF0850) If the number of users granted the special privilege "OPERATOR" is strictly controlled and limited to systems programmer and operations personnel, this is NOT a finding. Security managers may be granted this access at the discretion of the ISSM. If the number of users granted the special privilege "OPERATOR" is not strictly controlled and limited to systems programmer, security manager or operations personnel, this is a finding. |
| Fix Text (F-17369r3_fix) |
|---|
| Ensure that access to the special privilege "OPERATOR" is kept to a minimum and limited to systems programmer, security manager and operations personnel. Review all LOGONIDs with the "OPERATOR" attribute. |