STIGQter: STIG Summary: z/OS Compuware Abend-AID for ACF2 STIG Version: 6 Release: 6 Benchmark Date: 27 Jul 2018: STIGQter: STIG Summary: z/OS Compuware Abend-AID for ACF2 STIG Version: 6 Release: 6 Benchmark Date: 27 Jul 2018:SV-44084r2_rule
V-17947
ZB000020
ZAIDA020
CAT II
10
Ensure that the following are properly specified in the ACP.
(Note: The resources and/or resource prefixes identified below are examples of a possible installation. The actual resources and/or prefixes are determined when the product is actually installed on a system through the product’s installation guide and can be site specific.)
Use the Compuware Abend-AID Resources and Compuware Abend-AID Resources Descriptions tables in the zOS STIG Addendum. These tables list the resources, access requirements, and logging requirement for Compuware Abend-AID. Ensure the guidelines for the resources and/or generic equivalent specified in the z/OS STIG Addendum are followed.
Note: The Compuware Abend-AID resource class is identified in the Viewer Server’s STC configuration procedure, CWPARM DD statement, member name AAVW00, using the parameter setting EXTERNAL_SECURITY_RESOURCE_CLASS. In addition, there is a parameter that identifies the prefix for all resources, which is EXTERNAL_SECURITY_PREFIX.
The ACF2 resources as designated in the above table are defined with a default access of PREVENT.
The ACF2 resource access authorizations restrict access to the appropriate personnel as designated in the above table.
The following commands are provided as a sample for implementing resource controls:
$KEY(prefix) TYPE(resource-type)
SERVER.LOGON.FD.- UID(appdaudt) ALLOW
SERVER.LOGON.FD.- UID(appsaudt) ALLOW
SERVER.LOGON.FD.- UID(operaudt) ALLOW
SERVER.LOGON.FD.- UID(syspaudt) ALLOW
- UID(*) PREVENT
Refer to the following report produced by the ACF2 Data Collection and Data Set and Resource Data Collection:
SENSITVE.RPT(ZAID0020)
- ACF2CMDS.RPT(RESOURCE) – Alternate report
Automated Analysis
Refer to the following report produced by the Data Set and Resource Data Collection:
- PDI(ZAID0020)
NOTE: The Abend-AID resource class is identified in the Enterprise Common Components (ECC) STC procedure, CWPARM DD statement, member name AAVW00, using the parameter setting EXTERNAL_SECURITY_RESOURCE_CLASS.
Verify that the accesses to resources and/or generic equivalent are properly restricted according to the requirements specified in the Compuware Abend-AID Resources table in the z/OS STIG Addendum.
If the following guidance is true, this is not a finding.
___ The ACF2 resources are defined with a default access of PREVENT.
___ The ACF2 resource access authorizations restrict access to the appropriate personnel.
V-17947
False
ZAIDA020
Refer to the following report produced by the ACF2 Data Collection and Data Set and Resource Data Collection:
SENSITVE.RPT(ZAID0020)
- ACF2CMDS.RPT(RESOURCE) – Alternate report
Automated Analysis
Refer to the following report produced by the Data Set and Resource Data Collection:
- PDI(ZAID0020)
NOTE: The Abend-AID resource class is identified in the Enterprise Common Components (ECC) STC procedure, CWPARM DD statement, member name AAVW00, using the parameter setting EXTERNAL_SECURITY_RESOURCE_CLASS.
Verify that the accesses to resources and/or generic equivalent are properly restricted according to the requirements specified in the Compuware Abend-AID Resources table in the z/OS STIG Addendum.
If the following guidance is true, this is not a finding.
___ The ACF2 resources are defined with a default access of PREVENT.
___ The ACF2 resource access authorizations restrict access to the appropriate personnel.
M
Systems Programmer
2344