STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

ACF2 LOGONIDs assigned for started tasks must have the STC attribute specified in the associated LOGONID record.

DISA Rule

SV-223485r533198_rule

Vulnerability Number

V-223485

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

ACF2-ES-000670

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

All started tasks will be assigned an individual logonid. The logonid for a Started Task Control (STC) will be granted the minimum privileges necessary for the STC to function. In addition to the default LID field settings, all STC logonids will have the following field setting:

STC

Example:
SET LID
INSERT logonid STC

Check Contents

From the ACF command screen enter:
SET LID
SET VERBOSE
LIST IF(STC)

If all logonids identified as started tasks have the STC attribute specified, this is not a finding.

Vulnerability Number

V-223485

Documentable

False

Rule Version

ACF2-ES-000670

Severity Override Guidance

From the ACF command screen enter:
SET LID
SET VERBOSE
LIST IF(STC)

If all logonids identified as started tasks have the STC attribute specified, this is not a finding.

Check Content Reference

Target Key

4100

ACF2 LOGONIDs assigned for started tasks must have the STC attribute specified in the associated LOGONID record.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments