| Refer to the following reports produced by the TSS Data Collection and Data Set and Resource Data Collection: |
If all sensitive users requiring NC-Pass validation has the NCPASS Facility and permitted to the SECURID resource in the ABSTRACT resource class, this is not a finding.
NOTE: Sensitive users include systems programming personnel, security personnel, and other staff (e.g., DASD management, operations, auditors, technical support, etc.) with access to sensitive resources (e.g., operator commands, ACP privileges, etc.) that can modify the operating system and system software, and review/modify the security environment.