Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Access to System page data sets (i.e., PLPA, COMMON, and LOCALx) are not limited to system programmers.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-128 | ACP00230 | SV-128r2_rule | DCCS-1 DCCS-2 ECCD-1 ECCD-2 | Medium |
| Description |
|---|
| Page data sets hold individual pages of virtual storage when they are paged out of real storage. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data. |
| STIG | Date |
|---|---|
| z/OS RACF STIG | 2015-03-27 |
Details
| Check Text ( C-22933r1_chk ) |
|---|
| a) Refer to the following report produced by the Data Set and Resource Data Collection: - SENSITVE.RPT(PGXXRPT) Automated Analysis Refer to the following report produced by the Data Set and Resource Data Collection: - PDI(ACP00230) ___ The ACP data set rules for system page data sets (PLPA, COMMON, and LOCAL) allow inappropriate access. ___ The ACP data set rules for system page data sets (PLPA, COMMON, and LOCAL) do not restrict access to only systems programming personnel. b) If both of the above are untrue, there is NO FINDING. c) If either of the above is true, this is a FINDING |
| Fix Text (F-17419r1_fix) |
|---|
| Verify that the ACP data set rules for system page data sets (PLPA, COMMON, and LOCAL) restrict access to only systems programming personnel. |