STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:SV-223545r533198_rule
V-223545
SRG-OS-000080-GPOS-00048
ACF2-OS-000090
CAT II
10
Review all Logonids for the following and ensure that only authorized users with justification are given access to the privileges.
The ACCTPRIV privilege is restricted for used to the domain level security personnel (ISSO/ISSM).
The CONSOLE and OPERATOR privileges are restricted to authorized systems personnel (e.g., systems programming personnel, operations staff, etc).
The MOUNT privilege is restricted to DASD batch users only on an as-needed basis to execute TSO in batch.
Ensure that all privileges are kept to a minimum and are controlled and documented.
From the ISPF Command Shell enter:
ACF
SET LID
SET VERBOSE
LIST IF(ACCTPRIV OR CONSOLE OR OPERATOR OR MOUNT)
If the ACCTPRIV privilege is restricted to security personnel, this is not a finding.
If the CONSOLE and OPERATOR privileges are restricted to authorized systems personnel (e.g., systems programming personnel, operations staff, etc), this is not a finding.
If the MOUNT privilege is restricted to DASD batch users only, this is not a finding.
V-223545
False
ACF2-OS-000090
From the ISPF Command Shell enter:
ACF
SET LID
SET VERBOSE
LIST IF(ACCTPRIV OR CONSOLE OR OPERATOR OR MOUNT)
If the ACCTPRIV privilege is restricted to security personnel, this is not a finding.
If the CONSOLE and OPERATOR privileges are restricted to authorized systems personnel (e.g., systems programming personnel, operations staff, etc), this is not a finding.
If the MOUNT privilege is restricted to DASD batch users only, this is not a finding.
M
4100