STIGQter: STIG Summary: IBM z/OS TSS Security Technical Implementation Guide, Version: 8, Release: 2, Benchmark Date: 23 Apr 2021

IBM z/OS UNIX MVS data sets used as step libraries in /etc/steplib must be properly protected.

DISA Rule

SV-224081r561402_rule

Vulnerability Number

V-224081

Group Title

SRG-OS-000080-GPOS-00048

Rule Version

TSS0-US-000080

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure WRITE or greater access to libraries residing in /etc/steplib to be limited to system programmers only.

Check Contents

Refer to the pathname from the STEPLIBLIST line in the BPXPRMxx member of PARMLIB.

From the ISPF Command Shell, enter the following on the command line:
ISHELL

On the path name line, enter:
/etc/

From the resulting display, scroll down to the <stepliblist name> from the BPXPRMxx parm.

Enter B for browse on that line.

If the ESM data set rules for the libraries specified restrict WRITE or greater access to only systems programming personnel, this is not a finding.

If the ESM data set rules for libraries specify that all (i.e., failures and successes) WRITE or greater access will be logged, this is not a finding.

Documentable

False

Check Content Reference

M

Target Key

4102

Comments