Access to SYS1.LINKLIB is not properly protected.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-109 | ACP00020 | SV-109r2_rule | DCCS-1 DCCS-2 DCSL-1 ECAR-1 ECAR-2 ECAR-3 | Medium |
| Description |
|---|
| This data set is automatically APF-authorized, contains system SVCs and the base PPT. Unauthorized access could result in the compromise of the operating system environment, ACP, and customer data. |
| STIG | Date |
|---|---|
| z/OS RACF STIG | 2019-12-12 |
Details
| Check Text ( C-22924r1_chk ) |
|---|
| a) Refer to the following report produced by the Data Set and Resource Data Collection: - SENSITVE.RPT(LINKRPT) Automated Analysis Refer to the following report produced by the Data Set and Resource Data Collection: - PDI(ACP00020) ___ The ACP data set rules for SYS1.LINKLIB allow inappropriate access. ___ The ACP data set rules for SYS1.LINKLIB do not restrict UPDATE and/or ALTER access to only z/OS systems programming personnel. ___ The ACP data set rules for SYS1.LINKLIB do not specify that all (i.e., failures and successes) UPDATE and/or ALTER access will be logged, this is a FINDING. b) If all of the above are untrue, there is NO FINDING. c) If any of the above is true, this is a FINDING. |
| Fix Text (F-17034r1_fix) |
|---|
| Review access authorization to critical system files. Evaluate the impact of correcting the deficiency. Develop a plan of action and implement the changes as required. Under the ACPs SYS1.LINKLIB is always indicated as a program control library because it is a member of the MVS link list. Access is limited to system programmers only and all update and allocate access is logged. |