STIGQter STIGQter: STIG Summary: z/OS RACF STIG Version: 6 Release: 43 Benchmark Date: 24 Jan 2020: Update and allocate access to data sets used to backup and/or dump SMF collection files are not limited to system programmers and/or batch jobs that perform SMF dump processing.

DISA Rule

SV-124r2_rule

Vulnerability Number

V-124

Group Title

ACP00190

Rule Version

ACP00190

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The IAO will ensure that update and allocate access to datasets used to backup and/or dump SMF collection files is limited to system programmers and/or batch jobs that perform SMF dump processing and all dataset access is logged.

Review access authorization to critical system files. Evaluate the impact of correcting the deficiency. Develop a plan of action and implement the changes as required to protect datasets used to backup and/or dump SMF Collection Files.

In z/OS systems, SMF data is the ultimate record of system activity. Therefore, SMF data is of the most sensitive and critical nature. While the length of time for which SMF data will be retained is not specifically regulated, it is imperative that the information is available for the longest possible time period in case of subsequent investigations. The statute of limitations varies according to the nature of a crime. It may vary by jurisdiction, and some crimes are not subject to a statute of limitations. Apply the following guidelines to the retention of SMF data for all DOD systems:

(a) Retain at least two (2) copies of the SMF data.

(b) Maintain SMF data for a minimum of one year.

(c) All update and alter access authority to SMF history files will be logged using the ACP’s facilities. Only systems programming personnel and batch jobs that perform SMF functions will be authorized to update the SMF files.

Check Contents

a) Refer to the following report produced by the Data Set and Resource Data Collection:

- SENSITVE.RPT(SMFBKRPT)

Automated Analysis
Refer to the following report produced by the Data Set and Resource Data Collection:

- PDI(ACP00190)

Have the systems programmer supply the procedures and collection specifics for SMF datasets and backup.

___ The ACP data set rules for the SMF dump/backup files allow inappropriate access.

___ The ACP data set rules for the SMF dump/backup files do not restrict UPDATE and/or ALTER access to authorized DISA and site personnel (e.g., systems programmers and batch jobs that perform SMF processing).

___ The ACP data set rules for SMF dump/backup files do not specify that all (i.e., failures and successes) UPDATE and/or ALTER access will be logged.

b) If all of the above are untrue, there is NO FINDING.

c) If any of the above is true, or if these data sets cannot be identified due to a lack of requested information, this is a FINDING.

Vulnerability Number

V-124

Documentable

False

Rule Version

ACP00190

Severity Override Guidance

a) Refer to the following report produced by the Data Set and Resource Data Collection:

- SENSITVE.RPT(SMFBKRPT)

Automated Analysis
Refer to the following report produced by the Data Set and Resource Data Collection:

- PDI(ACP00190)

Have the systems programmer supply the procedures and collection specifics for SMF datasets and backup.

___ The ACP data set rules for the SMF dump/backup files allow inappropriate access.

___ The ACP data set rules for the SMF dump/backup files do not restrict UPDATE and/or ALTER access to authorized DISA and site personnel (e.g., systems programmers and batch jobs that perform SMF processing).

___ The ACP data set rules for SMF dump/backup files do not specify that all (i.e., failures and successes) UPDATE and/or ALTER access will be logged.

b) If all of the above are untrue, there is NO FINDING.

c) If any of the above is true, or if these data sets cannot be identified due to a lack of requested information, this is a FINDING.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

106

Comments