STIGQter: STIG Summary: IBM z/OS RACF Security Technical Implementation Guide Version: 8 Release: 3 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: IBM z/OS RACF Security Technical Implementation Guide Version: 8 Release: 3 Benchmark Date: 23 Apr 2021:SV-223712r604139_rule
V-223712
SRG-OS-000480-GPOS-00227
RACF-ES-000650
CAT II
10
Ensure the following:
Associated USERIDs are defined for all batch jobs and documentation authorizing access to system resources is maintained and implemented.
Set up the userids with the RACF PROTECTED attribute. A sample RACF command to accomplish is shown here: ALU <execution-userid> NOPASSWORD NOOIDCARD.
Refer to the documentation of the processes used for submission of batch jobs via an automated process (i.e., scheduler or other sources) and each of the associated user IDs.
From the ISPF COMMAND INPUT screen enter:
LISTUSER(each identified batch job)
The following USERID record fields/attributes must be specified:
NAME
PROTECTED
No USERID has the LAST-ACCESS field set to UNKNOWN.
If both of the above are true, this is not a finding.
If either of the USERID record fields/attributes (NAME and/or PROTECTED) are blank and/or the LAST ACCESS field is set to unknown, this is a finding.
V-223712
False
RACF-ES-000650
Refer to the documentation of the processes used for submission of batch jobs via an automated process (i.e., scheduler or other sources) and each of the associated user IDs.
From the ISPF COMMAND INPUT screen enter:
LISTUSER(each identified batch job)
The following USERID record fields/attributes must be specified:
NAME
PROTECTED
No USERID has the LAST-ACCESS field set to UNKNOWN.
If both of the above are true, this is not a finding.
If either of the USERID record fields/attributes (NAME and/or PROTECTED) are blank and/or the LAST ACCESS field is set to unknown, this is a finding.
M
4101