Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-246 | TSS0990 | SV-246r2_rule | DCCS-1 DCCS-2 | Medium |
Description |
---|
All users, with the exception of the master security control ACID, must be authorized to a facility in order to sign on to it. Granting a user FACILITY(*ALL*) gives that user access to all facilities. Users should be limited to only those facilities that are required to perform their jobs successfully. |
STIG | Date |
---|---|
z/OS TSS STIG | 2017-06-26 |
Check Text ( C-20461r1_chk ) |
---|
Refer to the following reports produced by the TSS Data Collection: TSSCMDS.RPT(@ACIDS), TSSCMDS.RPT(@ALL). Automated Analysis: Refer to the following report produced by the TSS Data Collection: PDI(TSS0990). Ensure that no ACID(s) is (are) assigned FACILITY(*ALL*). |
Fix Text (F-24082r1_fix) |
---|
The IAO will ensure that blanket access to all facilities, FACILITY(ALL), is never granted. Review all access to FACILITY(*ALL*). Evaluate the impact of correcting the deficiency. Develop a plan of action and remove access to FAC(*ALL*). Example: TSS REM(acid) FAC(ALL) |
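
One way to automate the manual review in the Check Text, as an added example that is not part of the STIG or of any vendor tooling. It assumes the ACID listing has been exported to text and uses `ACCESSORID = name` header lines followed by `FACILITY = value` lines; that layout, the function names and the sample data are assumptions constructed for illustration.

```python
import re

# Constructed sample in the ASSUMED report layout (not real data).
SAMPLE_REPORT = """\
ACCESSORID = USER01    NAME       = CONSTRUCTED USER ONE
TYPE       = USER      SIZE       =      512  BYTES
FACILITY   = BATCH     FACILITY   = TSO
ACCESSORID = USER02    NAME       = CONSTRUCTED USER TWO
FACILITY   = *ALL*
ACCESSORID = STC01     NAME       = CONSTRUCTED STC ACID
FACILITY   = STC,*ALL*
ACCESSORID = USER03    NAME       = FACILITY = *ALL* TESTER
FACILITY   = CICSPROD
"""

ACID_RE = re.compile(r"^\s*ACCESSORID\s*=\s*(\S+)")
FACILITY_RE = re.compile(r"\bFACILITY\s*=\s*(\S+)")


def acids_with_all_facilities(report_text):
    """Return the sorted ACIDs whose FACILITY entries include *ALL*."""
    flagged = set()
    current = None
    for line in report_text.splitlines():
        header = ACID_RE.match(line)
        if header:
            current = header.group(1)
            continue  # header line also carries free-text NAME; do not scan it
        if current is None or not line.lstrip().startswith("FACILITY"):
            continue
        # A line may hold several FACILITY pairs or a comma-separated list.
        for value in FACILITY_RE.findall(line):
            if "*ALL*" in value.upper().split(","):
                flagged.add(current)
    return sorted(flagged)


def removal_commands(acids):
    """Build the Fix Text example command for each flagged ACID, for review."""
    return [f"TSS REM({acid}) FAC(ALL)" for acid in acids]


if __name__ == "__main__":
    findings = acids_with_all_facilities(SAMPLE_REPORT)
    print("ACIDs with FACILITY(*ALL*):", findings)
    for command in removal_commands(findings):
        print(command)
```

An empty result corresponds to "not a finding"; the generated commands are candidates to feed into the impact evaluation and plan of action the Fix Text calls for.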