STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:SV-223465r533198_rule
V-223465
SRG-OS-000080-GPOS-00048
ACF2-ES-000470
CAT II
10
Review access authorization to critical system files. Evaluate the impact of correcting the deficiency. Develop a plan of action and implement the changes as required to protect System-level product installation libraries.
Configure allocate access to all system-level product execution libraries to be limited to system programmers only.
Access other than this should be documented and approved by the ISSO.
The ESM data set rules for the JES2 System data sets (e.g., Spool, Checkpoint, and Initialization parameters) do not restrict UPDATE and/or ALTER access to only z/OS systems programming personnel.
The ESM data set rules for the JES2 System data sets (e.g., Spool, Checkpoint, and Initialization parameters) allow inappropriate access not documented and approved by ISSO.
If both of the above are untrue, this is not a finding.
If either of the above are true, this is a finding.
V-223465
False
ACF2-ES-000470
The ESM data set rules for the JES2 System data sets (e.g., Spool, Checkpoint, and Initialization parameters) do not restrict UPDATE and/or ALTER access to only z/OS systems programming personnel.
The ESM data set rules for the JES2 System data sets (e.g., Spool, Checkpoint, and Initialization parameters) allow inappropriate access not documented and approved by ISSO.
If both of the above are untrue, this is not a finding.
If either of the above are true, this is a finding.
M
4100