STIGQter: STIG Summary: IBM z/OS TSS Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

CA-TSS LOGONIDs must not be defined to SYS1.UADS for non-emergency use.

DISA Rule

SV-224073r561402_rule

Vulnerability Number

V-224073

Group Title

SRG-OS-000324-GPOS-00125

Rule Version

TSS0-TS-000020

Severity

CAT I

CCI(s)

• CCI-002235 - The information system prevents non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.

Weight

10

Fix Recommendation

Configure the SYS1.UADS entries to ensure LOGONIDs defined include only those users required to support specific functions related to system recovery. Evaluate the impact of accomplishing the change.

Check Contents

Ask the system administrator to provide a list of all emergency userids available to the site along with the associated function of each.

If any SYS1.UADS userids are assigned for other than emergency purposes, this is a finding.

Vulnerability Number

V-224073

Documentable

False

Rule Version

TSS0-TS-000020

Severity Override Guidance

Ask the system administrator to provide a list of all emergency userids available to the site along with the associated function of each.

If any SYS1.UADS userids are assigned for other than emergency purposes, this is a finding.

Check Content Reference

M

Target Key

4102

Comments