The REFRESH attribute must be restricted.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-23 | ACF0710 | SV-23r2_rule | DCCS-1 DCCS-2 | Low |
| Description |
|---|
| Unauthorized users may be able to effect changes to ACP system options. This could result in the compromise of the confidentiality, integrity, and availability of the operating system, ACP, or customer data. |
| STIG | Date |
|---|---|
| z/OS ACF2 STIG | 2019-12-12 |
Details
| Check Text ( C-20663r1_chk ) |
|---|
| Refer to the following report produced by the ACF2 Data Collection: - ACF2CMDS.RPT(ATTREFSH) Automated Analysis Refer to the following report produced by the ACF2 Data Collection: - PDI(ACF0710) Ensure the logonid with the REFRESH attribute is assigned to an IAO. |
| Fix Text (F-16920r1_fix) |
|---|
| The IAO will ensure Logonids with the refresh privilege are only available to IAOs and/or IAMs. Ensure the logonid with the REFRESH attribute is assigned to an IAO. Example: SET LID CHANGE logonid REFRESH |