DFSMS control data sets are not properly protected.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-6936	ZSMS0022	SV-7237r2_rule	COTR-1 DCCS-1 DCCS-2 ECCD-1 ECCD-2	Medium

Description
DFSMS control data sets provide the configuration and operational characteristics of the system-managed storage environment. Failure to properly protect these data sets may result in unauthorized access. This exposure could compromise the availability and integrity of some system services and customer data.

STIG	Date
z/OS ACF2 STIG	2019-12-12

Details

Check Text ( C-3419r1_chk )
a) Review the logical parmlib data sets, example: SYS1.PARMLIB(IGDSMSxx), to identify the fully qualified file names for the following SMS data sets: Active Control Data Set (ACDS) Communications Data Set (COMMDS) Automated Analysis Refer to the following report produced by the Data Set and Resource Data Collection: - PDI(ZSMS0022) b) If the COMMDS and ACDS SMS data sets identified in (a) above reside on different volumes, there is NO FINDING. c) If the COMMDS and ACDS SMS data sets identified in (a) above are collocated on the same volume, this is a FINDING.

Check Text ( C-3419r1_chk )

a) Review the logical parmlib data sets, example: SYS1.PARMLIB(IGDSMSxx), to identify the fully qualified file names for the following SMS data sets:

Active Control Data Set (ACDS)
Communications Data Set (COMMDS)

Automated Analysis
Refer to the following report produced by the Data Set and Resource Data Collection:

- PDI(ZSMS0022)

b) If the COMMDS and ACDS SMS data sets identified in (a) above reside on different volumes, there is NO FINDING.

c) If the COMMDS and ACDS SMS data sets identified in (a) above are collocated on the same volume, this is a FINDING.

Fix Text (F-18936r1_fix)
The systems programmer will see that the primary and backup SMS Control data sets are allocated on separate volumes. (a) Source Control Data Set (SCDS) contains a SMS configuration, which defines a storage management policy. (b) Active Control Data Set (ACDS) contains a copy of the most recently activated configuration. All systems in a SMS complex use this configuration to manage storage. (c) Communications Data Set (COMMDS) contains the name of the ACDS containing the currently active storage management policy, the current utilization statistics for each system managed volume, and other system information. (2) The ACDS data set will reside on a different volume than the COMMDS data set. Allocate backup copies of the ADCS and COMMDS data sets on a different shared volume from the primary ACDS and COMMDS data sets.

Fix Text (F-18936r1_fix)

The systems programmer will see that the primary and backup SMS Control data sets are allocated on separate volumes.

(a) Source Control Data Set (SCDS) contains a SMS configuration, which defines a storage management policy.

(b) Active Control Data Set (ACDS) contains a copy of the most recently activated configuration. All systems in a SMS complex use this configuration to manage storage.

(c) Communications Data Set (COMMDS) contains the name of the ACDS containing the currently active storage management policy, the current utilization statistics for each system managed volume, and other system information.

(2) The ACDS data set will reside on a different volume than the COMMDS data set.

Allocate backup copies of the ADCS and COMMDS data sets on a different shared volume from the primary ACDS and COMMDS data sets.