STIGQter STIGQter: STIG Summary: z/OS RACF STIG Version: 6 Release: 43 Benchmark Date: 24 Jan 2020: The CMDVIOL SETROPTS value is not set to CMDVIOL.

DISA Rule

SV-257r2_rule

Vulnerability Number

V-257

Group Title

RACF0280

Rule Version

RACF0280

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The IAO will ensure that CMDVIOL SETROPTS value is active and set to log RACF commands violations.

Evaluate the impact associated with implementation of the control option. Develop a plan of action to implement the control option as specified in the example below:

The RACF Command SETR LIST will show the status of RACF Controls including a list of ATTRIBUTES.

(1) Command Violation Logging is activated with the command SETR CMDVIOL.

Check Contents

a) Refer to the following report produced by the RACF Data Collection:

- RACFCMDS.RPT(SETROPTS)

Automated Analysis
Refer to the following report produced by the RACF Data Collection:

- PDI(RACF0280)

b) If the CMDVIOL value is listed as one of the ATTRIBUTES, there is NO FINDING.

c) If the CMDVIOL value is not listed as one of the ATTRIBUTES, this is a FINDING.

Vulnerability Number

V-257

Documentable

False

Rule Version

RACF0280

Severity Override Guidance

a) Refer to the following report produced by the RACF Data Collection:

- RACFCMDS.RPT(SETROPTS)

Automated Analysis
Refer to the following report produced by the RACF Data Collection:

- PDI(RACF0280)

b) If the CMDVIOL value is listed as one of the ATTRIBUTES, there is NO FINDING.

c) If the CMDVIOL value is not listed as one of the ATTRIBUTES, this is a FINDING.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

197

Comments