STIGQter: STIG Summary: IBM z/OS TSS Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: IBM z/OS TSS Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:SV-223991r561402_rule
V-223991
SRG-OS-000080-GPOS-00048
TSS0-JS-000070
CAT II
10
Review the JES2 parameters to determine the localnodeid by searching for OWNNODE in the NJEDEF statement, and then searching for NODE(nnnn) (where nnnn is the value specified by OWNNODE). The NAME parameter value specified on this NODE statement is the localnodeid.
The following command may be used to establish default protection for resources defined to the JESSPOOL resource class:
TSS ADDTO(deptacid) JESSPOOL(localnodeid.)
Due to the protection established with the previous command, the following command should be issued to ensure users are able to access their own spool data:
TSS PERMIT(ALL) JESSPOOL(localnodeid.%) ACCESS(ALL)
Refer the JES2PARM member of SYS1.PARMLIB. Review the JESSPOOL resource in the JESINPUT resource class:
NOTE: If the JESSPOOL resource is not defined within the JES2 parameters, the resource in the JESINPUT resource class does not have to be owned.
From the ISPF Command Shell enter:
TSS WHOOWNS JESINPUT(JESSPOOL)
If the JESSPOOL resource is owned by generic and/or fully qualified entries in the JESINPUT resource class, this is not a finding.
V-223991
False
TSS0-JS-000070
Refer the JES2PARM member of SYS1.PARMLIB. Review the JESSPOOL resource in the JESINPUT resource class:
NOTE: If the JESSPOOL resource is not defined within the JES2 parameters, the resource in the JESINPUT resource class does not have to be owned.
From the ISPF Command Shell enter:
TSS WHOOWNS JESINPUT(JESSPOOL)
If the JESSPOOL resource is owned by generic and/or fully qualified entries in the JESINPUT resource class, this is not a finding.
M
4102