STIGQter: STIG Summary: IBM z/OS TSS Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

The number of CA-TSS ACIDs with MISC9 authority must be justified.

DISA Rule

SV-223938r561402_rule

Vulnerability Number

V-223938

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

TSS0-ES-000650

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-002145 - The information system enforces organization-defined circumstances and/or usage conditions for organization-defined information system accounts.

Weight

10

Fix Recommendation

Review all ACIDs with the MISC9 attribute. Evaluate the impact of removing MISC9(ALL) or MISC9(CONSOLE) access from ACIDs not required to assign the CONSOLE attribute. It is suggested that MISC9(CONSOLE) assignment privileges be limited to the MSCA. Develop a plan of action and implement the changes.

Check Contents

From the ISPF Command Shell enter:
TSS LIST(ACIDS) DATA(ADMIN)

If the ACIDs having MISC9(ALL) or MISC9(CONSOLE) authority are designated SCAs who are responsible for the security for the domain this is not a finding.

Vulnerability Number

V-223938

Documentable

False

Rule Version

TSS0-ES-000650

Severity Override Guidance

From the ISPF Command Shell enter:
TSS LIST(ACIDS) DATA(ADMIN)

If the ACIDs having MISC9(ALL) or MISC9(CONSOLE) authority are designated SCAs who are responsible for the security for the domain this is not a finding.

Check Content Reference

M

Target Key

4102

Comments