UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The BYPASS attribute must be limited to just trusted STCs.


Overview

Finding ID Version Rule ID IA Controls Severity
V-229 TSS0810 SV-229r3_rule DCCS-1 DCCS-2 High
Description
The BYPASS attribute permits STCs to bypass security checking. With this authority, a job or ACID could bypass all security checking, and could potentially alter or destroy critical system data.
STIG Date
z/OS TSS STIG 2017-03-22

Details

Check Text ( C-6212r1_chk )
Refer to the following report produced by the TSS Data Collection:

- TSSCMDS.RPT(#STC)

Automated Analysis
Refer to the following report produced by the TSS Data Collection:

- PDI(TSS0810)

Ensure that only STCs listed in the TRUSTED STARTED TASKS table, in the z/OS STIG addendum, are granted the BYPASS privilege.

TRUSTED STCs:
Certain started tasks perform critical operating system-related functions. The site can secure these started tasks in one of two ways:

1) By analyzing an STC's access requirements and granting the requisite accesses.

2) By considering these started tasks as trusted for the purpose of data set and resource access requests.

While the actual list may vary based on local site requirements and software configuration, the TRUSTED STARTED TASKS table, in the z/OS STIG addendum, is an approved list of started tasks that may be considered trusted started procedures and can have the BYPASS attribute specified in the start task table.

The site may exclude any STCs from the list of trusted started tasks based on local requirements. However, the addition of other started tasks to the list requires the approval of the site DAA.
Fix Text (F-18130r1_fix)
Review the STC record for ACIDs with the BYPASS attribute. Ensure only those trusted STCs that are listed in the TRUSTED STARTED TASKS table, in the z/OS STIG addendum, have been granted this authority. Evaluate the impact of correcting the deficiency. Develop a plan of action and implement the changes.

Trusted STCs:

While the actual list may vary based on local site requirements and software configuration, the TRUSTED STARTED TASKS table, in the z/OS STIG addendum, is an approved list of started tasks that may be considered trusted started procedures: