STIGQter STIGQter: STIG Summary: z/OS ACF2 STIG Version: 6 Release: 43 Benchmark Date: 24 Jan 2020: There are maintenance LOGONIDs that do not have corresponding GSO MAINT records.

DISA Rule

SV-166r2_rule

Vulnerability Number

V-166

Group Title

ACF0660

Rule Version

ACF0660

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

The IAO will ensure that an associated GSO maintenance record exists for each special user logonid identifying the program(s) that it is permitted to access and the library where the program(s) resides.

An associated GSO MAINT record will exist for each special user logonid, identifying the program(s) that it is permitted to access and the library where the program(s) resides.

Every maintenance logonid has a corresponding GSO MAINT record.

Example:

SET C(GSO)
INSERT MAINT.DFSMSHSM LIBRARY(SYS1.LINKLIB) LID(HSMDFDSS) PGM(ADRDSSU)

F ACF2,REFRESH(MAINT)

Check Contents

a) Refer to the following reports produced by the ACF2 Data Collection:

- ACF2CMDS.RPT(ACFGSO)
- ACF2CMDS.RPT(ATTMAINT)

Automated Analysis
Refer to the following report produced by the ACF2 Data Collection Checklist:

- PDI(ACF0660)

b) If every maintenance logonid has a corresponding GSO MAINT record, there is NO FINDING.

c) If any maintenance logonid does not have a corresponding GSO MAINT record, this is a FINDING.

Vulnerability Number

V-166

Documentable

False

Rule Version

ACF0660

Severity Override Guidance

a) Refer to the following reports produced by the ACF2 Data Collection:

- ACF2CMDS.RPT(ACFGSO)
- ACF2CMDS.RPT(ATTMAINT)

Automated Analysis
Refer to the following report produced by the ACF2 Data Collection Checklist:

- PDI(ACF0660)

b) If every maintenance logonid has a corresponding GSO MAINT record, there is NO FINDING.

c) If any maintenance logonid does not have a corresponding GSO MAINT record, this is a FINDING.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

198

Comments