STIGQter STIGQter: STIG Summary: IBM z/OS RACF Security Technical Implementation Guide Version: 8 Release: 3 Benchmark Date: 23 Apr 2021:

The IBM RACF database must be backed up on a scheduled basis.

DISA Rule

SV-223711r604139_rule

Vulnerability Number

V-223711

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

RACF-ES-000640

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Develop procedures to back up all ACP files needed for recovery on a scheduled basis.

Identify the ACP database and ensure that documented processes are in place to back up its contents on a regularly scheduled basis.

At a minimum, this should include nightly backup of the ACP databases and of other critical security files (such as the ACP parameter file). More frequent backups (two or three times daily) will reduce the time necessary to effect recovery. The ISSO will verify that the backup job(s) run successfully.

Check Contents

Ask the system administrator to determine that procedures exist to back up the security data base and files. Have the system administrator identify the dataset names and frequency of the backups.

If, based on the information provided, it can be determined that the ESM database is being backed up on a regularly scheduled basis, this is not a finding.

If it cannot be determined that the ESM database is being backed up on a regularly scheduled basis, this is a finding.

Vulnerability Number

V-223711

Documentable

False

Rule Version

RACF-ES-000640

Severity Override Guidance

Ask the system administrator to determine that procedures exist to back up the security data base and files. Have the system administrator identify the dataset names and frequency of the backups.

If, based on the information provided, it can be determined that the ESM database is being backed up on a regularly scheduled basis, this is not a finding.

If it cannot be determined that the ESM database is being backed up on a regularly scheduled basis, this is a finding.

Check Content Reference

M

Target Key

4101

Comments