STIGQter: STIG Summary: IBM z/OS RACF Security Technical Implementation Guide Version: 8 Release: 3 Benchmark Date: 23 Apr 2021

IBM z/OS UNIX MVS data sets used as step libraries in /etc/steplib must be properly protected.

DISA Rule

SV-223849r604139_rule

Vulnerability Number

V-223849

Group Title

SRG-OS-000080-GPOS-00048

Rule Version

RACF-US-000120

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure WRITE or greater access to libraries residing in /etc/steplib to be limited to system programmers only.

Check Contents

Refer to the pathname from the STEPLIBLIST line in the BPXPRMxx member of PARMLIB.

From the ISPF Command Shell enter:
ISHELL

On the command line, on the path name line, enter:
/etc/

From the resulting display, scroll down to the <stepliblist name> from the BPXPRMxx parm.
Enter B for browse on that line.

If ESM data set rules for libraries specified restrict WRITE or greater access to only systems programming personnel, this is not a finding.

If the ESM data set rules for libraries specify that all (i.e., failures and successes) WRITE or greater access will be logged, this is not a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4101

Comments