STIGQter: STIG Summary: IBM z/OS RACF Security Technical Implementation Guide Version: 8 Release: 3 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: IBM z/OS RACF Security Technical Implementation Guide Version: 8 Release: 3 Benchmark Date: 23 Apr 2021:SV-223680r604139_rule
V-223680
SRG-OS-000080-GPOS-00048
RACF-ES-000320
CAT II
10
Review access authorization to critical system files. Evaluate the impact of correcting the deficiency. Develop a plan of action and implement the changes as required to protect System-level product installation libraries.
Configure allocate access to all system-level product execution libraries to be limited to system programmers only.
Have the systems programmer for z/OS supply the following information:
The data set name and associated SREL for each SMP/E CSI utilized to maintain this system.
The data set name of all SMP/E TLIBs and DLIBs used for installation and production support. A comprehensive list of the SMP/E DDDEFs for all CSIs may be used if valid.
If the ESM data set rules for system-level product installation libraries (e.g., SMP/E CSIs) do not restrict WRITE or greater access to only z/OS systems programming personnel this is a finding.
If any of these data sets cannot be identified due to a lack of requested information, this is a finding.
V-223680
False
RACF-ES-000320
Have the systems programmer for z/OS supply the following information:
The data set name and associated SREL for each SMP/E CSI utilized to maintain this system.
The data set name of all SMP/E TLIBs and DLIBs used for installation and production support. A comprehensive list of the SMP/E DDDEFs for all CSIs may be used if valid.
If the ESM data set rules for system-level product installation libraries (e.g., SMP/E CSIs) do not restrict WRITE or greater access to only z/OS systems programming personnel this is a finding.
If any of these data sets cannot be identified due to a lack of requested information, this is a finding.
M
4101