SV-7532r4_rule
V-44
ZCIC0040
ZCIC0040
CAT II
10
Review all CICS region, default, and end-user userids to ensure they are defined and controlled as required.
Ensure that the following is defined for each CICS region:
1) A unique userid is defined.
Use the RACF ADDUSER (AU) command to accomplish this. A sample command is provided here:
AU <cicsregionid> NAME('STC, CICS Region') DFLTGRP(STC) OWNER(STC)
2) Defined to the STARTED resource class.
Use the RACF RDEFINE (RDEF) command. A sample command is provided here:
RDEF STARTED <cicsprocname>.** UACC(NONE) OWNER(ADMIN) DATA('USED TO MAP <cicsprocname> TO A VALID RACF USERID') STDATA(USER(=MEMBER) GROUP(STC) TRACE(YES))
a) Refer to the following report produced by the z/OS Data Collection:
- EXAM.RPT(CICSPROC)
Refer to the following reports produced by the RACF Data Collection:
- RACFCMDS.RPT(LISTUSER)
- DSMON.RPT(RACCDT)
Refer to the CICS Systems Programmer Worksheets filled out from previous vulnerability ZCIC0010.
b) Ensure that the following is defined for each CICS region:
1) A unique userid is defined.
2) Defined to the STARTED resource class.
c) If (b) is true, this is not a finding.
d) If (b) is untrue, this is a finding.
V-44
False
ZCIC0040
M
Information Assurance Officer
197