UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The number of ACIDs with MISC9 authority must be justified. ACIDs with MISC9 must be limited to the administrative authorities authorized and that require these privileges to perform their job duties.


Overview

Finding ID Version Rule ID IA Controls Severity
V-243 TSS0950 SV-243r3_rule DCCS-1 DCCS-2 High
Description
The MISC9 authority deals with higher level administrative authorities. One of the authorities is The MISC9 authority deals with higher level administrative authorities. One of the authorities is BYPASS, which can bypass security on the system. This violates the principle of individual user accountability. If this authority is not monitored, the potential for system degradation or destruction could happen. Only the appointed SCA's who are responsible for the security at the domain shall have MISC9 admin rights except MISC9(Generic) may be granted to any DCA,VCA,ZCA,LSCA,SCA.
STIG Date
z/OS TSS STIG 2017-06-26

Details

Check Text ( C-578r1_chk )
a) Refer to the following report produced by the TSS Data Collection:

- TSSCMDS.RPT(@ADMIN)

b) Review ACIDs having MISC9(ALL) or MISC9(CONSOLE) authority under administrative authorities. Only designated SCA's who are responsible for the security for the domain will be allowed this authority.

c) If (b) above is in compliance, there is NO FINDING.

d) If (b) above is not in compliance, this is a FINDING.
Fix Text (F-18197r1_fix)
Review all ACIDs with the MISC9 attribute. Evaluate the impact of removing MISC9(ALL) or MISC9(CONSOLE) access from ACIDs not required to assign the CONSOLE attribute. It is suggested that MISC9(CONSOLE) assignment privileges be limited to the MSCA. Develop a plan of action and implement the changes.