STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

CA-ACF2 must limit update and allocate access to system backup files to system programmers and/or batch jobs that perform DASD backups.

DISA Rule

SV-223432r533198_rule

Vulnerability Number

V-223432

Group Title

SRG-OS-000080-GPOS-00048

Rule Version

ACF2-ES-000110

Severity

CAT II

CCI(s)

• CCI-000213 - The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Weight

10

Fix Recommendation

Configure the update and allocate access to libraries containing PPT modules to be limited to system programmers only and all update and allocate access is logged.

Check Contents

Execute a data set list of access for SMF data collection files (e.g., SYS1.MAN* or IFASMF.SYS1.*).

If the ESM data set rules for the SMF data collection files do not restrict ALTER access to only z/OS systems programming personnel, this is a finding.

Vulnerability Number

V-223432

Documentable

False

Rule Version

ACF2-ES-000110

Severity Override Guidance

Execute a data set list of access for SMF data collection files (e.g., SYS1.MAN* or IFASMF.SYS1.*).

If the ESM data set rules for the SMF data collection files do not restrict ALTER access to only z/OS systems programming personnel, this is a finding.

Check Content Reference

M

Target Key

4100

Comments