
ACIDs were found having access FAC(*ALL*).


Overview

Finding ID: V-246
Version: TSS0990
Rule ID: SV-246r2_rule
IA Controls: DCCS-1, DCCS-2
Severity: Medium
Description
All users with the exception of the master security control ACID must be authorized to a facility in order to sign on to it. When a user is granted FACILITY(*ALL*), it gives the user access to all facilities. Users should be limited to access only those facilities that are required to perform their jobs successfully.
STIG Date
z/OS TSS STIG 2019-12-12

Details

Check Text (C-20461r1_chk)
Refer to the following reports produced by the TSS Data Collection:

- TSSCMDS.RPT(@ACIDS)
- TSSCMDS.RPT(@ALL)

Automated Analysis
Refer to the following report produced by the TSS Data Collection:

- PDI(TSS0990)

Ensure that no ACID is assigned FACILITY(*ALL*).
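
One way to run this check over a saved copy of the ACID listing; this is an added example, not part of the STIG or of the TSS Data Collection tooling. The `KEYWORD = value` report layout, the wrapped facility line, the sample ACID names and the `exempt` parameter (for the master security control ACID) are assumptions to adjust to your actual report.

```python
import re

# Constructed sample, not real output. Assumption: each ACID entry opens with
# an ACCESSORID line and lists its facilities on FACILITY lines.
SAMPLE_REPORT = """\
ACCESSORID = MSCA01    NAME       = CONSTRUCTED MASTER ACID
FACILITY   = *ALL*
ACCESSORID = USER01    NAME       = CONSTRUCTED USER ONE
FACILITY   = TSO, BATCH
ACCESSORID = USER02    NAME       = CONSTRUCTED USER TWO
FACILITY   = *ALL*
ACCESSORID = STC001    NAME       = CONSTRUCTED STARTED TASK
FACILITY   = STC,
             *ALL*
"""

ACID_RE = re.compile(r"ACCESSORID\s*=\s*(\S+)")
FAC_RE = re.compile(r"FACILITY\s*=\s*(.*)")

def acids_with_all_facilities(report_text, exempt=()):
    """Return the sorted ACIDs whose entry lists *ALL* as a facility."""
    exempt = {a.upper() for a in exempt}
    flagged = set()
    current = None    # ACID whose entry is being read
    in_fac = False    # True while inside a (possibly wrapped) facility list
    for line in report_text.splitlines():
        acid = ACID_RE.search(line)
        if acid:
            current, in_fac = acid.group(1).upper(), False
            continue
        fac = FAC_RE.search(line)
        if fac:
            value, in_fac = fac.group(1), True
        elif in_fac and line[:1].isspace() and "=" not in line:
            value = line    # assumed wrap: indented line with no keyword
        else:
            in_fac = False
            continue
        # Compare whole tokens so a facility merely containing "ALL" is not flagged.
        tokens = {t for t in re.split(r"[,\s]+", value) if t}
        if current and "*ALL*" in tokens and current not in exempt:
            flagged.add(current)
    return sorted(flagged)

if __name__ == "__main__":
    for acid in acids_with_all_facilities(SAMPLE_REPORT, exempt={"MSCA01"}):
        print(f"FINDING TSS0990: {acid} has FACILITY(*ALL*)")
```

An empty result means the check passes for the listing that was scanned; every ACID returned still needs the impact review described in the fix text before access is removed.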
Fix Text (F-24082r1_fix)
The IAO will ensure that blanket access to all facilities, FACILITY(ALL), is never granted.

Review all access to FACILITY(*ALL*). Evaluate the impact of correcting the deficiency. Develop a plan of action and remove access to FAC(*ALL*).

Example:
TSS REM(acid) FAC(ALL)