STIGQter: STIG Summary: z/OS Compuware Abend-AID for TSS STIG Version: 6 Release: 6 Benchmark Date: 27 Jul 2018: STIGQter: STIG Summary: z/OS Compuware Abend-AID for TSS STIG Version: 6 Release: 6 Benchmark Date: 27 Jul 2018:SV-75841r1_rule
V-21592
ZB000002
ZAIDT002
CAT II
10
Ensure that WRITE and/or greater access to Compuware Abend-AID User data sets listed is limited to System Programmers and Compuware Abend-AID’s STC(s) and/or batch user(s) only. Ensure that CONTROL access to Compuware Abend-AID User data sets listed is limited to Application Development Programmers and Application Production Support Team members. READ access can be given to auditors.
(Note: The data sets and/or data set prefixes identified below are examples of a possible installation. The actual data sets and/or prefixes are determined when the product is actually installed on a system through the product’s installation guide and can be site specific.)
Data sets to be protected will be:
Region dump datasets
Report databases
Source listing files/source listing shared directories
The following commands are provided as a sample for implementing data set controls:
TSS ADD(SYS3) DSN(SYS3.)
TSS PERMIT(syspaudt) DSN(SYS3.ABENDAID.REPORTDB) ACCESS(ALL)
TSS PERMIT(tstcaudt) DSN(SYS3.ABENDAID.REPORTDB) ACCESS(ALL)
TSS PERMIT(ABEND-AID STCs) DSN(SYS3.ABENDAID.REPORTDB) ACCESS(ALL)
TSS PERMIT(audtaudt) DSN(SYS3.ABENDAID.REPORTDB) ACCESS(READ)
TSS PERMIT(appdaudt) DSN(SYS3.ABENDAID.REPORTDB) ACCESS(CONTROL)
TSS PERMIT(appsaudt) DSN(SYS3.ABENDAID.REPORTDB) ACCESS(CONTROL)
TSS PERMIT(syspaudt) DSN(SYS3.ABENDAID.SHARED) ACCESS(ALL)
TSS PERMIT(tstcaudt) DSN(SYS3.ABENDAID.SHARED) ACCESS(ALL)
TSS PERMIT(ABEND-AID STCs) DSN(SYS3.ABENDAID.SHARED) ACCESS(ALL)
TSS PERMIT(audtaudt) DSN(SYS3.ABENDAID.SHARED) ACCESS(READ)
TSS PERMIT(appdaudt) DSN(SYS3.ABENDAID.SHARED) ACCESS(CONTROL)
TSS PERMIT(appsaudt) DSN(SYS3.ABENDAID.SHARED) ACCESS(CONTROL)
Refer to the following report produced by the Data Set and Resource Data Collection:
- SENSITVE.RPT(AIDUSER)
Automated Analysis
Refer to the following report produced by the Data Set and Resource Data Collection:
- PDI(ZAID0002)
Verify that the accesses to the following Compuware Abend-AID user data sets are properly restricted:
Region dump datasets
Report databases
Source listing files/source listing shared directories
If the following guidance is true, this is not a finding.
___ The TSS data set rules for the listed data sets restricts READ access to auditors.
___ The TSS data set rules for the listed data sets restricts WRITE and/or greater access to systems programming personnel.
___ The TSS data set rules for the listed data sets restricts WRITE and/or greater access to the Compuware Abend-AID’s STC(s) and/or batch user(s).
___ The TSS data set rules for the listed data sets restricts CONTROL access to Application Development Programmers and Application Production Support Team members.
V-21592
False
ZAIDT002
Refer to the following report produced by the Data Set and Resource Data Collection:
- SENSITVE.RPT(AIDUSER)
Automated Analysis
Refer to the following report produced by the Data Set and Resource Data Collection:
- PDI(ZAID0002)
Verify that the accesses to the following Compuware Abend-AID user data sets are properly restricted:
Region dump datasets
Report databases
Source listing files/source listing shared directories
If the following guidance is true, this is not a finding.
___ The TSS data set rules for the listed data sets restricts READ access to auditors.
___ The TSS data set rules for the listed data sets restricts WRITE and/or greater access to systems programming personnel.
___ The TSS data set rules for the listed data sets restricts WRITE and/or greater access to the Compuware Abend-AID’s STC(s) and/or batch user(s).
___ The TSS data set rules for the listed data sets restricts CONTROL access to Application Development Programmers and Application Production Support Team members.
M
Systems Programmer
2344