STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

ACF2 LOGONIDs associated with started tasks that have the MUSASS attribute and the requirement to submit jobs on behalf of its users must have the JOBFROM attribute as required.

DISA Rule

SV-223484r533198_rule

Vulnerability Number

V-223484

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

ACF2-ES-000660

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Ensure that if MUSASS has the requirement to submit jobs on behalf of its users, the STC logonid has the JOBFROM attribute specified.

If the MUSASS has the requirement to submit jobs on behalf of its users, the STC logonid will also have the following attribute:

JOBFROM

Example:

SET LID
CHANGE logonid STC JOBFROM

Check Contents

From the ACF command screen enter:
SET LID
SET VERBOSE
LIST IF(MUSASS)
LIST IF(STC)

If any started task logonid that has the MUSASS attribute and the requirement to submit jobs on behalf of its users does not have the JOBFROM attribute, this is a finding.

Vulnerability Number

V-223484

Documentable

False

Rule Version

ACF2-ES-000660

Severity Override Guidance

From the ACF command screen enter:
SET LID
SET VERBOSE
LIST IF(MUSASS)
LIST IF(STC)

If any started task logonid that has the MUSASS attribute and the requirement to submit jobs on behalf of its users does not have the JOBFROM attribute, this is a finding.

Check Content Reference

M

Target Key

4100

Comments