TRACE attribute has been found assigned to ACIDs.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-244 | TSS0970 | SV-244r2_rule | DCCS-1 DCCS-2 | Medium |
| Description |
|---|
| The TRACE attribute allows ACIDs to diagnose the security trace information. This information goes to the SYSLOG dataset. This could give an ACID the ability to access system control information. |
| STIG | Date |
|---|---|
| z/OS TSS STIG | 2019-12-12 |
Details
| Check Text ( C-580r1_chk ) |
|---|
| Refer to the following report produced by the TSS Data Collection: - TSSPRIV.RPT Automated Analysis Refer to the following report produced by the TSS Data Collection: - PDI(TSS0970) Review ACIDs having the TRACE attribute. TRACE should not be assigned. Note: The IAO will ensure that the trace attribute is only used for trouble shooting purposes. |
| Fix Text (F-18404r1_fix) |
|---|
| Review all ACIDs with the TRACE attribute. Evaluate the impact of correcting the deficiency. Develop a plan of action and remove the TRACE attribute. Example: TSS REMOVE(acid) TRACE. |