STIGQter: STIG Summary: z/OS ROSCOE for RACF STIG Version: 6 Release: 7 Benchmark Date: 20 Jan 2015: STIGQter: STIG Summary: z/OS ROSCOE for RACF STIG Version: 6 Release: 7 Benchmark Date: 20 Jan 2015:SV-23706r1_rule
V-17067
ZB000001
ZROSR001
CAT II
10
The IAO will ensure that update and alter access to the ROSCOE started task or batch job data sets is limited to system programmers and the started task only and all update and alter access is logged.
The IAO will ensure that all other accesses to the ROSCOE started task or batch job data sets are properly restricted and all required accesses are properly logged.
Data sets to be protected will be
SYS3.ROSCOE.sys*.**
SYS3.ROSCOE.ros*.**
The following commands are provided as a sample for implementing dataset controls:
ad 'sys3.roscoe.ros*.**' uacc(none) owner(sys3) -
audit(success(update) failures(read)) -
data('Site Customized Profile: ROSCOE')
pe 'sys3.roscoe.ros*.**' id(syspaudt) acc(a)
pe 'sys3.roscoe.ros*.**' id(roscoe) acc(a)
ad 'sys3.roscoe.sys*.**' uacc(none) owner(sys3) -
audit(success(update) failures(read)) -
data('Site Customized profile: ROSCOE')
pe 'sys3.roscoe.sys*.**' id(syspaudt) acc(a)
pe 'sys3.roscoe.sys*.**' id(roscoe) acc(a)
setr generic(dataset) refresh
a) Refer to the following report produced by the Data Set and Resource Data Collection:
- SENSITVE.RPT(ROSSTC)
Automated Analysis
Refer to the following report produced by the Data Set and Resource Data Collection:
- PDI(ZROS0001)
b) Verify that access to the ROSCOE STC data sets are properly restricted. The data sets in this group are the data sets identified in the ROSACTxx (if used), ROSLIBxx, and SYSAWSx DD statements of the STC or batch JCL.
___ The RACF data set rules for the data sets does not restrict UPDATE and/or ALTER access to systems programming personnel.
___ The RACF data set rules for the data sets does not restrict UPDATE and/or ALTER access to the product STC(s) and/or batch job(s).
c) If all of the above are untrue, there is NO FINDING.
d) If any of the above is true, this is a FINDING.
V-17067
False
ZROSR001
a) Refer to the following report produced by the Data Set and Resource Data Collection:
- SENSITVE.RPT(ROSSTC)
Automated Analysis
Refer to the following report produced by the Data Set and Resource Data Collection:
- PDI(ZROS0001)
b) Verify that access to the ROSCOE STC data sets are properly restricted. The data sets in this group are the data sets identified in the ROSACTxx (if used), ROSLIBxx, and SYSAWSx DD statements of the STC or batch JCL.
___ The RACF data set rules for the data sets does not restrict UPDATE and/or ALTER access to systems programming personnel.
___ The RACF data set rules for the data sets does not restrict UPDATE and/or ALTER access to the product STC(s) and/or batch job(s).
c) If all of the above are untrue, there is NO FINDING.
d) If any of the above is true, this is a FINDING.
M
Systems Programmer
1665