STIGQter: STIG Summary: z/OS CA Auditor for RACF STIG Version: 6 Release: 3 Benchmark Date: 20 Jan 2015:

CA Auditor resources are not properly defined and protected.

DISA Rule

SV-32209r1_rule

Vulnerability Number

V-17947

Group Title

ZB000020

Rule Version

ZADTR020

Severity

CAT II

CCI(s)

• CCI-000035 - The information system provides the capability for privileged administrators to configure the organization-defined security policy filters to support different security policies.
• CCI-002234 - The information system audits the execution of privileged functions.

Weight

10

Fix Recommendation

The IOA will verify that the LTDMMAIN resource in the PROGRAM resource class is restricted to sytem programmers, auditors, and security personnel.

The RACF rules for the LTDMMAIN resource specify a default access of NONE and no RACF rules that allow access to the LTDMMAIN resource.

Example:

rdef program LTDMMAIN uacc(none) owner(admin) audit(failures(read)) -
data('added per PDI ZADT0020')

The RACF rules for the LTDMMAIN resource is restricted access to system programmers, auditors, and security personnel with access of READ. All RACF rules are defined with UACC(NONE).

Example:

rdef program ltdmmain -
addmem('SYS2A.EXAMINE.V120SP01.CAILIB'//nopadchk) -
data('Required by SRR PDI ZADTR020') -
audit(failures(read)) uacc(none) owner(admin)
pe LTDMMAIN cl(program) id(syspaudt) acc(r)
pe LTDMMAIN cl(program) id(audtaudt) acc(r)
pe LTDMMAIN cl(program) id(secaaudt) acc(r)

setr when(program) ref

Check Contents

Refer to the following report produced by the Data Set and Resource Data Collection:

- SENSITVE.RPT(ZADT0020)

Automated Analysis
Refer to the following report produced by the Data Set and Resource Data Collection:

- PDI(ZADT0020)

Verify that the access to the LTDMMAIN resource in the PROGRAM resource class is restricted.

___ The RACF rules for the resources specify a default access of NONE.

___ The RACF rules for the resources are restricted access to sytem programmers, auditors, and security personnel.

___ All RACF rules are defined with UACC(NONE).

Vulnerability Number

V-17947

Documentable

False

Rule Version

ZADTR020

Severity Override Guidance

Refer to the following report produced by the Data Set and Resource Data Collection:

- SENSITVE.RPT(ZADT0020)

Automated Analysis
Refer to the following report produced by the Data Set and Resource Data Collection:

- PDI(ZADT0020)

Verify that the access to the LTDMMAIN resource in the PROGRAM resource class is restricted.

___ The RACF rules for the resources specify a default access of NONE.

___ The RACF rules for the resources are restricted access to sytem programmers, auditors, and security personnel.

___ All RACF rules are defined with UACC(NONE).

Check Content Reference

M

Responsibility

Systems Programmer

Target Key

2016

Comments