STIGQter STIGQter: STIG Summary: z/OS RACF STIG Version: 6 Release: 43 Benchmark Date: 24 Jan 2020: Batch job user Ids must be properly defined.

DISA Rule

SV-19114r3_rule

Vulnerability Number

V-17839

Group Title

RACF0595

Rule Version

RACF0595

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Ensure the following:

Associated USERIDs exist for all batch jobs and documentation authorizing access to system resources is maintained and implemented.

Set up the userids with the RACF PROTECTED attribute. A sample RACF command to accomplish is shown here: ALU <execution-userid> NOPASSWORD NOOIDCARD.

Check Contents

Refer to the documentation of the processes used for submission of batch jobs via an automated process (i.e., scheduler or other sources) and each of the associated user IDs.

From a command input screen enter:
LISTUSER(each identified batch job)

Alternately:
Refer to the following report produced by the RACF Data Collection:

- RACFCMDS.RPT(LISTUSER)

The following USERID record fields/attributes must be specified:

NAME
PROTECTED

No USERID has the LAST-ACCESS field set to UNKNOWN.

If both of the above are true, this is not a finding.
If either of the USERID record fields/attributes (NAME and/or PROTECTED) are blank and/or the LAST ACCESS field is set to unknown, this is a finding.

Vulnerability Number

V-17839

Documentable

False

Rule Version

RACF0595

Severity Override Guidance

Refer to the documentation of the processes used for submission of batch jobs via an automated process (i.e., scheduler or other sources) and each of the associated user IDs.

From a command input screen enter:
LISTUSER(each identified batch job)

Alternately:
Refer to the following report produced by the RACF Data Collection:

- RACFCMDS.RPT(LISTUSER)

The following USERID record fields/attributes must be specified:

NAME
PROTECTED

No USERID has the LAST-ACCESS field set to UNKNOWN.

If both of the above are true, this is not a finding.
If either of the USERID record fields/attributes (NAME and/or PROTECTED) are blank and/or the LAST ACCESS field is set to unknown, this is a finding.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

197

Comments