STIGQter STIGQter: STIG Summary: IBM z/OS RACF Security Technical Implementation Guide Version: 8 Release: 3 Benchmark Date: 23 Apr 2021:

IBM z/OS JES2 input sources must be properly controlled.

DISA Rule

SV-223747r604139_rule

Vulnerability Number

V-223747

Group Title

SRG-OS-000080-GPOS-00048

Rule Version

RACF-JS-000030

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure access for resources defined to the JESINPUT resource class to restrict to the appropriate personnel.

Grant read access to authorized users for each of the following input sources:

INTRDR
nodename
OFFn.*
OFFn.JR
OFFn.SR
Rnnnn.RDm
RDRnn
STCINRDR
TSUINRDR and/or TSOINRDR

The resource definition will be generic if all of the resources of the same type have identical access controls (e.g., if all off load receivers are equivalent).

Check Contents

From the ISPF Command Shell enter:
RL JESINPUT *

If the RACF resources and/or generic equivalent identified below are defined with access restricted to the appropriate personnel, this is not a finding.

INTRDR
nodename
OFFn.*
OFFn.JR
OFFn.SR
Rnnnn.RDm
RDRnn
STCINRDR
TSUINRDR and/or TSOINRDR

Note: Examples of appropriate might be access to the offload input sources is limited to systems personnel (e.g., operations staff) as directed by site operations and the site security plan.

Vulnerability Number

V-223747

Documentable

False

Rule Version

RACF-JS-000030

Severity Override Guidance

From the ISPF Command Shell enter:
RL JESINPUT *

If the RACF resources and/or generic equivalent identified below are defined with access restricted to the appropriate personnel, this is not a finding.

INTRDR
nodename
OFFn.*
OFFn.JR
OFFn.SR
Rnnnn.RDm
RDRnn
STCINRDR
TSUINRDR and/or TSOINRDR

Note: Examples of appropriate might be access to the offload input sources is limited to systems personnel (e.g., operations staff) as directed by site operations and the site security plan.

Check Content Reference

M

Target Key

4101

Comments