UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

DFSMS-related RACF classes are not active.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6943 ZSMSR008 SV-7244r2_rule DCCS-1 DCCS-2 ECCD-1 ECCD-2 Medium
Description
DFSMS provides data, storage, program, and device management functions for the operating system. Some DFSMS storage administration functions allow a user to obtain a privileged status and effectively bypass all ACP data set and volume controls. Failure to properly protect DFSMS resources may result in unauthorized access. This exposure could compromise the availability and integrity of the operating system environment, system services, and customer data.
STIG Date
z/OS RACF STIG 2017-03-22

Details

Check Text ( C-20779r1_chk )
CLASSACT Resources

a) Refer to the following report produced by the RACF Data Collection:

- RACFCMDS.RPT(SETROPTS)

b) ACTIVE CLASSES lists the MGMTCLAS, STORCLAS, PROGRAM, and FACILITY resources classes.

c) RACLIST CLASSES lists the MGMTCLAS and STORCLAS resource classes.

d) If (b) and (c) are true, there is NO FINDING.

e) If (b) or (c) is not true, this is a FINDING.
Fix Text (F-18739r1_fix)
CLASSACT Resources

ACTIVE CLASSES lists the MGMTCLAS, STORCLAS, PROGRAM, and FACILITY resources classes.

The classes can be activated with the command:
SETR CLASSACT(MGMTCLAS STORCLAS PROGRAM FACILITY)

RACLIST CLASSES lists the MGMTCLAS and STORCLAS resource classes.

The classes can be RACLISTED with the command:
SETR RACL(MGMTCLAS STORCLAS)