STIGQter: STIG Summary: z/OS CA 1 Tape Management for ACF2 STIG Version: 6 Release: 8 Benchmark Date: 25 Oct 2019:

CA-1 Tape Management STC data sets must be properly protected.

DISA Rule

SV-87409r1_rule

Vulnerability Number

V-17067

Group Title

ZB000001

Rule Version

ZCA1A001

Severity

CAT II

CCI(s)

• CCI-001499 - The organization limits privileges to change software resident within software libraries.

Weight

10

Fix Recommendation

Ensure that WRITE and/or greater access to CA1 Tape management STC data sets is limited to System Programmers and/or CA1 Tape management STC(s) and/or batch user(s) only.
(Note: The data sets and/or data set prefixes identified below are examples of a possible installation. The actual data sets and/or prefixes are determined when the product is actually installed on a system through the product’s installation guide and can be site specific.)

Data sets to be protected will be:
CA1.TMS* (Data sets that are altered by the product’s STCs, this can be more specific.)

The following commands are provided as a sample for implementing data set controls:

$KEY(SYS3)
CA1.TMS*.**- UID(<syspaudt>) R(A) W(A) A(A) E(A)
CA1.TMS*.**- UID(<Tape Management STCs and/or batch users >) R(A) W(A) A(A) E(A)
CA1.TMS*.**- UID(<audtaudt>) R(A) E(A)

Check Contents

Refer to the following report produced by the ACF2 Data Collection and Data Set and Resource Data Collection:

- SENSITVE.RPT(CA1STC)

Automated Analysis
Refer to the following report produced by the Data Set and Resource Data Collection:

- PDI(ZCA10001)

Verify that the accesses to CA1 Tape Management Started Tasks (STCs) data sets are properly restricted. If the following guidance is true, this is not a finding.

___ The ACF2 data set access authorizations restrict READ access to auditors.

___ The ACF2 data set access authorizations restrict WRITE and/or greater access to systems programming personnel.

___ The ACF2 data set access authorizations restrict WRITE and/or greater access to CA1 Tape Management STCs and/or batch users.

Vulnerability Number

V-17067

Documentable

False

Rule Version

ZCA1A001

Severity Override Guidance

Refer to the following report produced by the ACF2 Data Collection and Data Set and Resource Data Collection:

- SENSITVE.RPT(CA1STC)

Automated Analysis
Refer to the following report produced by the Data Set and Resource Data Collection:

- PDI(ZCA10001)

Verify that the accesses to CA1 Tape Management Started Tasks (STCs) data sets are properly restricted. If the following guidance is true, this is not a finding.

___ The ACF2 data set access authorizations restrict READ access to auditors.

___ The ACF2 data set access authorizations restrict WRITE and/or greater access to systems programming personnel.

___ The ACF2 data set access authorizations restrict WRITE and/or greater access to CA1 Tape Management STCs and/or batch users.

Check Content Reference

M

Responsibility

Systems Programmer

Target Key

2189

Comments