STIGQter STIGQter: STIG Summary: z/OS RACF STIG Version: 6 Release: 43 Benchmark Date: 24 Jan 2020: The INITSTATS SETROPTS value is not set to INITSTATS.

DISA Rule

SV-266r2_rule

Vulnerability Number

V-266

Group Title

RACF0370

Rule Version

RACF0370

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The IAO will ensure that INITSTATS SETROPTS value is set to
INITSTATS this specifies that statistics available during RACINIT SVC processing are recorded.

Evaluate the impact associated with implementation of the control option. Develop a plan of action to implement the control option as specified in the example below:

The RACF Command SETR LIST will show the status of RACF Controls including a status of INITSTATS.

(1) INITSTATS is activated with the command SETR INITSTATS.

Check Contents

a) Refer to the following report produced by the RACF Data Collection:

- RACFCMDS.RPT(SETROPTS)

Automated Analysis
Refer to the following report produced by the RACF Data Collection:

- PDI(RACF0370)

b) If the INITSTATS value is listed as one of the ATTRIBUTES, there is NO FINDING.

c) If the INITSTATS value is not listed as one of the ATTRIBUTES, this is a FINDING.

Vulnerability Number

V-266

Documentable

False

Rule Version

RACF0370

Severity Override Guidance

a) Refer to the following report produced by the RACF Data Collection:

- RACFCMDS.RPT(SETROPTS)

Automated Analysis
Refer to the following report produced by the RACF Data Collection:

- PDI(RACF0370)

b) If the INITSTATS value is listed as one of the ATTRIBUTES, there is NO FINDING.

c) If the INITSTATS value is not listed as one of the ATTRIBUTES, this is a FINDING.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

197

Comments