IDMS regions (central versions) STC and or batch jobs are not defined in accordance with the proper security requirements.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-47	ZIDM0030	SV-7311r2_rule	DCCS-1 DCCS-2	Medium

Description
Improperly defined IDMS central versions (CVs) have the potential to bypass security controls and obtain unauthorized access to system resources. This could potentially compromise the confidentiality, integrity, and availability of the operating system, ACP, and customer data.

STIG	Date
z/OS TSS STIG	2015-03-27

Details

Check Text ( C-20765r1_chk )
a) Refer to the following reports produced by the TSS Data Collection: - TSSCMDS.RPT(#STC) - TSSCMDS.RPT(@ACIDS) Refer to the IDMS Worksheet in the z/OS STIG Addendum and copy it and fill out the information for each IDMS CV running on this LPAR. b) Ensure the following items are in effect: - A unique ACID is associated with each IDMS CV. - ACIDS of IDMS CVs that runs as a started task, have the following: STC facility Is defined to the STC record Has an IDMS MASTFAC - ACIDS of IDMS CVs that runs as a batch job, have the following: BATCH facility Has an IDMS MASTFAC c) If all of the items in (b) are true, there is NO FINDING. d) If any item in (b) is untrue, this is a FINDING.

Check Text ( C-20765r1_chk )

a) Refer to the following reports produced by the TSS Data Collection:

- TSSCMDS.RPT(#STC)
- TSSCMDS.RPT(@ACIDS)

Refer to the IDMS Worksheet in the z/OS STIG Addendum and copy it and fill out the information for each IDMS CV running on this LPAR.

b) Ensure the following items are in effect:

- A unique ACID is associated with each IDMS CV.

- ACIDS of IDMS CVs that runs as a started task, have the following:

STC facility
Is defined to the STC record
Has an IDMS MASTFAC

- ACIDS of IDMS CVs that runs as a batch job, have the following:

BATCH facility
Has an IDMS MASTFAC

c) If all of the items in (b) are true, there is NO FINDING.

d) If any item in (b) is untrue, this is a FINDING.

Fix Text (F-18709r1_fix)
Associate each IDMS CV with a unique ACID using the following examples: (1) If the IDMS CV is executed as a batch job: TSS CREATE(resource name) NAME('xxxxx xxxxx') TYPE(USER) DEPT(xxxx) FAC(BATCH) MASTFAC(resource name) PASS(password,0) SOURCE(INTRDR) (2) If the IDMS CV is executed as an STC: TSS CREATE(resource name) TYPE(USER) NAME ('xxxxxx xxxxxx') DEPT(xxxx) FAC(STC) MASTFAC(resource name) PASS(password,0) SOURCE(INTRDR) (3) Additionally, if executed as an STC, add the ACID above to the STC record using the following example: TSS ADD(STC) PROCNAME(proc name) ACID(resource name)

Fix Text (F-18709r1_fix)

Associate each IDMS CV with a unique ACID using the following examples:

(1) If the IDMS CV is executed as a batch job:

TSS CREATE(resource name) NAME('xxxxx xxxxx')
TYPE(USER) DEPT(xxxx) FAC(BATCH)
MASTFAC(resource name) PASS(password,0)
SOURCE(INTRDR)

(2) If the IDMS CV is executed as an STC:

TSS CREATE(resource name) TYPE(USER)
NAME ('xxxxxx xxxxxx') DEPT(xxxx) FAC(STC)
MASTFAC(resource name) PASS(password,0)
SOURCE(INTRDR)

(3) Additionally, if executed as an STC, add the ACID above to the STC record using the following example:

TSS ADD(STC) PROCNAME(proc name) ACID(resource name)