STIGQter STIGQter: STIG Summary: z/OS ROSCOE for ACF2 STIG Version: 6 Release: 7 Benchmark Date: 20 Jan 2015: ROSCOE STC data sets are not properly protected.

DISA Rule

SV-21875r1_rule

Vulnerability Number

V-17067

Group Title

ZB000001

Rule Version

ZROSA001

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The IAO will ensure that update and allocate access to the ROSCOE started task or batch job data sets is limited to system programmers and the started task only and all update and allocate access is logged.

The IAO will ensure that all other accesses to the ROSCOE started task or batch job data sets are properly restricted and all required accesses are properly logged.

Data sets to be protected will be

SYS3.ROSCOE.SYS**
SYS3.ROSCOE.ROSLIB**

Example:

SET RULE
$KEY(SYS3)
ROSCOE.SYS- UID(syspudt) R(A) W(L) A(L) E(A)
ROSCOE.SYS- UID(stc roscoe) R(A) W(L) A(L) E(A)
ROSCOE.ROSLIB- UID(syspudt) R(A) W(L) A(L) E(A)
ROSCOE.ROSLIB- UID(stc roscoe) R(A) W(L) A(L) E(A)

Check Contents

a) Refer to the following report produced by the Data Set and Resource Data Collection:

- SENSITVE.RPT(ROSSTC)

Automated Analysis
Refer to the following report produced by the Data Set and Resource Data Collection:

- PDI(ZROS0001)

b) Verify that access to the ROSCOE STC data sets are properly restricted. The data sets in this group are the data sets identified in the ROSACTxx (if used), ROSLIBxx, and SYSAWSx DD statements of the STC or batch JCL.

___ The ACF2 data set rules for the data sets does not restrict UPDATE and/or ALTER access to systems programming personnel.

___ The ACF2 data set rules for the data sets does not restrict UPDATE and/or ALTER access to the product STC(s) and/or batch job(s).

c) If all of the above are untrue, there is NO FINDING.

d) If any of the above is true, this is a FINDING.

Vulnerability Number

V-17067

Documentable

False

Rule Version

ZROSA001

Severity Override Guidance

a) Refer to the following report produced by the Data Set and Resource Data Collection:

- SENSITVE.RPT(ROSSTC)

Automated Analysis
Refer to the following report produced by the Data Set and Resource Data Collection:

- PDI(ZROS0001)

b) Verify that access to the ROSCOE STC data sets are properly restricted. The data sets in this group are the data sets identified in the ROSACTxx (if used), ROSLIBxx, and SYSAWSx DD statements of the STC or batch JCL.

___ The ACF2 data set rules for the data sets does not restrict UPDATE and/or ALTER access to systems programming personnel.

___ The ACF2 data set rules for the data sets does not restrict UPDATE and/or ALTER access to the product STC(s) and/or batch job(s).

c) If all of the above are untrue, there is NO FINDING.

d) If any of the above is true, this is a FINDING.

Check Content Reference

M

Responsibility

Systems Programmer

Target Key

1665

Comments