UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

ACIDs defined as security administrators do not have the attribute of NOATS.


Overview

Finding ID Version Rule ID IA Controls Severity
V-238 TSS0900 SV-238r2_rule DCCS-1 DCCS-2 Medium
Description
NOATS prevents the TSS administrator ACID from signing on through automatic terminal signon. If an ACID has ATS enabled, a terminal could be automatically assigned that ACID without a user being present. This applies to CICS, IMS, and IDMS.
STIG Date
z/OS TSS STIG 2017-06-26

Details

Check Text ( C-4638r1_chk )
Refer to the following reports produced by the TSS Data Collection:

- TSSCMDS.RPT(@ALL)
- TSSPRIV.RPT

Automated Analysis
Refer to the following report produced by the TSS Data Collection:

- PDI(TSS0900)

Review all security administrators to ensure that each one has the NOATS attribute.
Fix Text (F-18189r1_fix)
Review all security administrator ACIDs. Ensure the NOATS attribute has been assigned. Evaluate the impact of correcting the deficiency. Develop a plan of action and implement the changes.

NOTE:
The NOATS attribute may be added to an ACID or an ACID's PROFILE.
The following command may be issued to determine if the NOATS attribute is defined to an ACID or an ACID's PROFILE:
tss list() data(basic,profile)