STIGQter: STIG Summary: IBM z/OS TSS Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: IBM z/OS TSS Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:SV-223919r561402_rule
V-223919
SRG-OS-000080-GPOS-00048
TSS0-ES-000460
CAT II
10
Ensure that all MCS consoles are defined to the SYSCONS resource class and READ access is limited to operators and system programmers.
Review the MCS console resources defined to z/OS and the ACP, and ensure they conform to those outlined below.
Each console defined in the CONSOLxx parmlib members is defined to TSS SYSCONS resource class and/or the SYSCONS resource class has the DEFPROT attribute.
The ACID associated with each console has access to the corresponding resource defined in the SYSCONS resource class.
Example:
TSS PERMIT(MMGMST) SYSCONS(MMGMST) ACCESS(READ)
Access authorization for SYSCONS resources restricts access to operations, the Master SCA, and system programming personnel.
TSS PERMIT(opersmpl) SYSCONS(MMGMST) ACCESS(READ)
TSS PERMIT(Master SCA) SYSCONS(MMGMST) ACCESS(READ)
TSS PERMIT(syspsmpl) SYSCONS(MMGMST) ACCESS(READ)
From the ISPF Command Shell enter:
TSS WHOOWNS SYSCONS(*)
For each Console defined enter:
TSS WHOHAS(<CONSOLE>)
If the console defined is not defined to the TSS SYSCONS resource class enter:
TSS LIST (RDT) RESCLASS(SYSCONS)
If the SYSCONS resource class does not have the DEPROT attribute, this is a finding.
V-223919
False
TSS0-ES-000460
From the ISPF Command Shell enter:
TSS WHOOWNS SYSCONS(*)
For each Console defined enter:
TSS WHOHAS(<CONSOLE>)
If the console defined is not defined to the TSS SYSCONS resource class enter:
TSS LIST (RDT) RESCLASS(SYSCONS)
If the SYSCONS resource class does not have the DEPROT attribute, this is a finding.
M
4102