STIGQter STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

CA-ACF2 must limit Update and Allocate access to all APF-authorized libraries to system programmers only.

DISA Rule

SV-223449r533198_rule

Vulnerability Number

V-223449

Group Title

SRG-OS-000080-GPOS-00048

Rule Version

ACF2-ES-000280

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Review access authorization to critical system files. Evaluate the impact of correcting the deficiency. Develop a plan of action and implement the changes required to protect APF Authorized Libraries.

Configure Update and Allocate access to all APF-authorized libraries to be limited to system programmers only and all update and alter access is logged.

Check Contents

From Any ISPF input line, enter:
TSO ISRDDN APF

If all of the below are untrue, this is not a finding.

If any of the below is true, this is a finding.

-The ACP data set rules for APF libraries do not restrict UPDATE and/or ALTER access to only z/OS systems programming personnel.
-The ACP data set rules for APF libraries do not specify that all (i.e., failures and successes) UPDATE and/or ALTER access will be logged.

Vulnerability Number

V-223449

Documentable

False

Rule Version

ACF2-ES-000280

Severity Override Guidance

From Any ISPF input line, enter:
TSO ISRDDN APF

If all of the below are untrue, this is not a finding.

If any of the below is true, this is a finding.

-The ACP data set rules for APF libraries do not restrict UPDATE and/or ALTER access to only z/OS systems programming personnel.
-The ACP data set rules for APF libraries do not specify that all (i.e., failures and successes) UPDATE and/or ALTER access will be logged.

Check Content Reference

M

Target Key

4100

Comments