Surrogate users are not controlled in accordance with proper security requirements.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-54	ZJES0060	SV-7346r2_rule	DCCS-1 DCCS-2 ECCD-1 ECCD-2 IAGA-1	Medium

Description
Surrogate users have the ability to submit jobs on behalf of another user (the execution user) without specifying the execution user's password. Jobs submitted by surrogate users run with the identity of the execution user. Failure to properly control surrogate users could result in unauthorized personnel accessing sensitive resources. This exposure may threaten the integrity and availability of the operating system environment, and compromise the confidentiality of customer data.

Description

Surrogate users have the ability to submit jobs on behalf of another user (the execution user) without specifying the execution user's password. Jobs submitted by surrogate users run with the identity of the execution user. Failure to properly control surrogate users could result in unauthorized personnel accessing sensitive resources. This exposure may threaten the integrity and availability of the operating system environment, and compromise the confidentiality of customer data.

STIG	Date
z/OS RACF STIG	2015-03-27

Details

Check Text ( C-35326r1_chk )
a) Refer to the following report produced by the RACF Data Collection: - SENSITVE.RPT(SURROGAT) b) If no executionuserid.SUBMIT resources are defined to the SURROGAT resource class, there is NO FINDING. c) If executionuserid.SUBMIT resources are defined to the SURROGAT resource class, ensure the following items are in effect regarding surrogate controls: 1) All executionuserid.SUBMIT resources defined to the SURROGAT resource class specify a default access of NONE. 2) All resource access is logged except for scheduling tasks. 3) Access authorization is restricted to the minimum number of personnel required for running production jobs. d) If all of the items in (c) are true, there is NO FINDING. e) If any item in (c) is untrue, this is a FINDING.

Check Text ( C-35326r1_chk )

a) Refer to the following report produced by the RACF Data Collection:

- SENSITVE.RPT(SURROGAT)

b) If no executionuserid.SUBMIT resources are defined to the SURROGAT resource class, there is NO FINDING.

c) If executionuserid.SUBMIT resources are defined to the SURROGAT resource class, ensure the following items are in effect regarding surrogate controls:

1) All executionuserid.SUBMIT resources defined to the SURROGAT resource class specify a default access of NONE.

2) All resource access is logged except for scheduling tasks.

3) Access authorization is restricted to the minimum number of personnel required for running production jobs.

d) If all of the items in (c) are true, there is NO FINDING.

e) If any item in (c) is untrue, this is a FINDING.

Fix Text (F-30560r1_fix)
a) If no executionuserid.SUBMIT resources are defined to the SURROGAT resource class, there is NO FINDING. b) If executionuserid.SUBMIT resources are defined to the SURROGAT resource class, ensure the following items are in effect regarding surrogate controls: 1) All executionuserid.SUBMIT resources defined to the SURROGAT resource class specify a default access of NONE. 2) All resource access is logged except for schdeuling tasks. 3) Access authorization is restricted to the minimum number of personnel required for running production jobs. Command samples are provided to define/permit SURROGAT profiles: SETR CLASSACT(SURROGAT) SETR GENERIC(SURROGAT) GENCMD(SURROGAT) SETR RACL(SURROGAT) RDEF SURROGAT .SUBMIT UACC(NONE) OWNER(ADMIN) AUDIT(ALL(READ)) DATA('SUBMIT JOBS FOR , REFERENCE ZJES0060') PE .SUBMIT CL(SURROGAT) ID()

Fix Text (F-30560r1_fix)

a) If no executionuserid.SUBMIT resources are defined to the SURROGAT resource class, there is NO FINDING.

b) If executionuserid.SUBMIT resources are defined to the SURROGAT resource class, ensure the following items are in effect regarding surrogate controls:

1) All executionuserid.SUBMIT resources defined to the SURROGAT resource class specify a default access of NONE.

2) All resource access is logged except for schdeuling tasks.

3) Access authorization is restricted to the minimum number of personnel required for running production jobs.

Command samples are provided to define/permit SURROGAT profiles:

SETR CLASSACT(SURROGAT)
SETR GENERIC(SURROGAT) GENCMD(SURROGAT)
SETR RACL(SURROGAT)

RDEF SURROGAT .SUBMIT UACC(NONE) OWNER(ADMIN) AUDIT(ALL(READ)) DATA('SUBMIT JOBS FOR , REFERENCE ZJES0060')

PE .SUBMIT CL(SURROGAT) ID()