STIGQter STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

CA-ACF2 must limit Update and Allocate access to system backup files to system programmers and/or batch jobs that perform DASD backups.

DISA Rule

SV-223458r533198_rule

Vulnerability Number

V-223458

Group Title

SRG-OS-000324-GPOS-00125

Rule Version

ACF2-ES-000380

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Obtain the high level indexes to backup data sets names define their access to be restricted by the System's ESM to System Programmers and batch jobs that perform the backups. Define READ Access to system backup data sets to be limited to auditors and others approved by the ISSM.

Check Contents

Collect from the storage management group the identification of the DASD backup files and all associated storage management userids/LIDs/ACIDs.

If ESM data set rules for system DASD backup files do not restrict UPDATE and ALLOCATE access to z/OS systems programming and/or batch jobs that perform DASD backups, this is a finding.

If READ Access to system backup data sets is not limited to auditors and others approved by the ISSM, this is a finding.

Vulnerability Number

V-223458

Documentable

False

Rule Version

ACF2-ES-000380

Severity Override Guidance

Collect from the storage management group the identification of the DASD backup files and all associated storage management userids/LIDs/ACIDs.

If ESM data set rules for system DASD backup files do not restrict UPDATE and ALLOCATE access to z/OS systems programming and/or batch jobs that perform DASD backups, this is a finding.

If READ Access to system backup data sets is not limited to auditors and others approved by the ISSM, this is a finding.

Check Content Reference

M

Target Key

4100

Comments