STIGQter: STIG Summary: z/OS ROSCOE for TSS STIG Version: 6 Release: 7 Benchmark Date: 20 Jan 2015:

ROSCOE STC data sets are not properly protected.

DISA Rule

SV-23707r1_rule

Vulnerability Number

V-17067

Group Title

ZB000001

Rule Version

ZROST001

Severity

CAT II

CCI(s)

• CCI-001499 - The organization limits privileges to change software resident within software libraries.

Weight

10

Fix Recommendation

The IAO will ensure that update and allocate/create access to the ROSCOE started task or batch job data sets is limited to system programmers and the started task only and all update and allocate/create access is logged.

The IAO will ensure that all other accesses to the ROSCOE started task or batch job data sets are properly restricted and all required accesses are properly logged.

Data sets to be protected will be

SYS3.ROSCOE.SYS**
SYS3.ROSCOE.ROSLIB**

The following commands are provided as a sample for implementing dataset controls:

TSS ADD(SYS3) DSN(SYS3)
TSS PER(syspaudt) DSN(SYS3.ROSCOE.SYS) ACC(R)
TSS PER(syspaudt) DSN(SYS3.ROSCOE.SYS) ACC(A) ACTION(AUDIT)
TSS PER(roscoe stc) DSN(SYS3.ROSCOE.SYS) ACC(R)
TSS PER(roscoe stc) DSN(SYS3.ROSCOE.SYS) ACC(A) ACTION(AUDIT)
TSS PER(syspaudt) DSN(SYS3.ROSCOE.ROSLIB) ACC(R)
TSS PER(syspaudt) DSN(SYS3.ROSCOE.ROSLIB) ACC(A) ACTION(AUDIT)
TSS PER(roscoe stc) DSN(SYS3.ROSCOE.ROSLIB) ACC(R)
TSS PER(roscoe stc) DSN(SYS3.ROSCOE.ROSLIB) ACC(A) ACTION(AUDIT)

Check Contents

a) Refer to the following report produced by the Data Set and Resource Data Collection:

- SENSITVE.RPT(ROSSTC)

Automated Analysis
Refer to the following report produced by the Data Set and Resource Data Collection:

- PDI(ZROS0001)

b) Verify that access to the ROSCOE STC data sets are properly restricted. The data sets in this group are the data sets identified in the ROSACTxx (if used), ROSLIBxx, and SYSAWSx DD statements of the STC or batch JCL.

___ The TSS data set rules for the data sets does not restrict UPDATE and/or ALTER access to systems programming personnel.

___ The TSS data set rules for the data sets does not restrict UPDATE and/or ALTER access to the product STC(s) and/or batch job(s).

c) If all of the above are untrue, there is NO FINDING.

d) If any of the above is true, this is a FINDING.

Vulnerability Number

V-17067

Documentable

False

Rule Version

ZROST001

Severity Override Guidance

a) Refer to the following report produced by the Data Set and Resource Data Collection:

- SENSITVE.RPT(ROSSTC)

Automated Analysis
Refer to the following report produced by the Data Set and Resource Data Collection:

- PDI(ZROS0001)

b) Verify that access to the ROSCOE STC data sets are properly restricted. The data sets in this group are the data sets identified in the ROSACTxx (if used), ROSLIBxx, and SYSAWSx DD statements of the STC or batch JCL.

___ The TSS data set rules for the data sets does not restrict UPDATE and/or ALTER access to systems programming personnel.

___ The TSS data set rules for the data sets does not restrict UPDATE and/or ALTER access to the product STC(s) and/or batch job(s).

c) If all of the above are untrue, there is NO FINDING.

d) If any of the above is true, this is a FINDING.

Check Content Reference

M

Responsibility

Systems Programmer

Target Key

1665

Comments