STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

CA-ACF2 LOGONIDs must not be defined to SYS1.UADS for non-emergency use.

DISA Rule

SV-223456r533198_rule

Vulnerability Number

V-223456

Group Title

SRG-OS-000324-GPOS-00125

Rule Version

ACF2-ES-000350

Severity

CAT I

CCI(s)

• CCI-002235 - The information system prevents non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.

Weight

10

Fix Recommendation

Configure the SYS1.UADS entries to ensure LOGONIDs defined include only those users required to support specific functions related to system recovery. Evaluate the impact of accomplishing the change.

Check Contents

Ask the system administrator to provide a list of all emergency userids available to the site along with the associated function of each.

If SYS1.UADS userids are limited and reserved for emergency purposes only, this is not a finding.

Vulnerability Number

V-223456

Documentable

False

Rule Version

ACF2-ES-000350

Severity Override Guidance

Ask the system administrator to provide a list of all emergency userids available to the site along with the associated function of each.

If SYS1.UADS userids are limited and reserved for emergency purposes only, this is not a finding.

Check Content Reference

M

Target Key

4100

Comments