STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

IBM z/OS must have the RULEVLD and RSRCVLD attributes specified for LOGONIDs with the SECURITY attribute.

DISA Rule

SV-223471r533198_rule

Vulnerability Number

V-223471

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

ACF2-ES-000530

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure Logonids with the SECURITY attribute to have the RULEVLD and RSRCVLD attributes specified.

If a logonid is granted the SECURITY privilege, it is mandatory that RULEVLD and RSRCVLD attributes will also be specified for the logonid.

Example:
SET LID
CHANGE logonid RULEVLD RSRCVLD

Check Contents

From the ACF Command screen enter:
SET LID
LIST IF(SECURITY)

If all logonids with the SECURITY attribute also have the RULEVLD and RSRCVLD attributes specified, this not a finding.

If any logonid with the SECURITY attribute does not have the RULEVLD and/or RSRCVLD attributes specified, this is a finding.

Vulnerability Number

V-223471

Documentable

False

Rule Version

ACF2-ES-000530

Severity Override Guidance

From the ACF Command screen enter:
SET LID
LIST IF(SECURITY)

If all logonids with the SECURITY attribute also have the RULEVLD and RSRCVLD attributes specified, this not a finding.

If any logonid with the SECURITY attribute does not have the RULEVLD and/or RSRCVLD attributes specified, this is a finding.

Check Content Reference

M

Target Key

4100

Comments