STIGQter STIGQter: STIG Summary: z/OS ACF2 STIG Version: 6 Release: 43 Benchmark Date: 24 Jan 2020: There are LOGONIDs defined to ACF2 that do not have the required fields completed.

DISA Rule

SV-158r3_rule

Vulnerability Number

V-158

Group Title

ACF0560

Rule Version

ACF0560

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

The IAO will ensure that all LOGONID records have the required attributes.

Review all LOGONID definitions to ensure required information is provided.

Every user will be identified to ACF2 via a unique userid. (ACF2 calls this a logonid.) To ACF2, a user is an individual, a started task, or a batch job.

Every user will be fully identified within ACF2. Complete the following fields for every logonid:

NAME - User's name
UID-String - All fields defined in the ACFFDR @UID macro

All fields that comprise the standard UID string will be filled out for each user as a logonid is added.

Example:

SET LID
INSERT logoind UID(uid string) NAME(user name)

Check Contents

Refer to the following report produced by the ACF2 Data Collection:

- ACF2CMDS.RPT(LOGONIDS)

Automated Analysis
Refer to the following report produced by the ACF2 Data Collection Checklist:

- PDI(ACF0560)

Verify that the below listed fields are complete for all logonids. If the following guidance is true, this is not a finding.

NAME User's name
UID-String All fields defined in the ACFFDR @UID macro

NOTE: A completed NAME field that can either be traced back to a current DD2875 or a Vendor Requirement (example: A Started Task).

NOTE: A user may be required to have more than one logonid but users must not share userids.

Vulnerability Number

V-158

Documentable

False

Rule Version

ACF0560

Severity Override Guidance

Refer to the following report produced by the ACF2 Data Collection:

- ACF2CMDS.RPT(LOGONIDS)

Automated Analysis
Refer to the following report produced by the ACF2 Data Collection Checklist:

- PDI(ACF0560)

Verify that the below listed fields are complete for all logonids. If the following guidance is true, this is not a finding.

NAME User's name
UID-String All fields defined in the ACFFDR @UID macro

NOTE: A completed NAME field that can either be traced back to a current DD2875 or a Vendor Requirement (example: A Started Task).

NOTE: A user may be required to have more than one logonid but users must not share userids.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

198

Comments