STIGQter: STIG Summary: z/OS Compuware Abend-AID for TSS STIG Version: 6 Release: 6 Benchmark Date: 27 Jul 2018: STIGQter: STIG Summary: z/OS Compuware Abend-AID for TSS STIG Version: 6 Release: 6 Benchmark Date: 27 Jul 2018:SV-44086r2_rule
V-17947
ZB000020
ZAIDT020
CAT II
10
Ensure that the following are properly specified in the ACP.
(Note: The resources and/or resource prefixes identified below are examples of a possible installation. The actual resources and/or prefixes are determined when the product is actually installed on a system through the product’s installation guide and can be site specific.)
Use Compuware Abend-AID Resources and Compuware Abend-AID Resources Descriptions tables in the zOS STIG Addendum. These tables list the resources, descriptions, and access and logging requirements. Ensure the guidelines for the resources and/or generic equivalent specified in the z/OS STIG Addendum are followed.
Note: The Compuware Abend-AID resource class is identified in the Viewer Server’s STC configuration procedure, CWPARM DD statement, member name AAVW00, using the parameter setting EXTERNAL_SECURITY_RESOURCE_CLASS. In addition, there is a parameter that identifies the prefix for all resources, which is EXTERNAL_SECURITY_PREFIX.
The TSS resources as designated in the above table are owned and/or DEFPROT is specified for the resource class.
The TSS resource access authorizations restrict access to the appropriate personnel as designated in the above table.
The following commands are provided as a sample for implementing resource controls:
TSS ADD(dept-acid) resource-class(prefix)
TSS PERMIT(appdaudt) res-class(prefix.SERVER.LOGON.FD.) ACCESS(ALL)
TSS PERMIT(appsaudt) res-class(prefix.SERVER.LOGON.FD.) ACCESS(ALL)
TSS PERMIT(operaudt) res-class(prefix.SERVER.LOGON.FD.) ACCESS(ALL)
TSS PERMIT(syspaudt) res-class(prefix.SERVER.LOGON.FD.) ACCESS(ALL)
Refer to the following report produced by the TSS Data Collection and Data Set and Resource Data Collection:
- SENSITVE.RPT(ZAID0020)
- TSSCMDS.RPT(#RDT)
Automated Analysis
Refer to the following report produced by the Data Set and Resource Data Collection:
- PDI(ZAID0020)
Note: The Abend-AID resource class is identified in the Enterprise Common Components (ECC) STC procedure, CWPARM DD statement, member name AAVW00, using the parameter setting EXTERNAL_SECURITY_RESOURCE_CLASS.
Verify that the accesses to resources and/or generic equivalent are properly restricted according to the requirements specified in Compuware Abend-AID Resources table in the z/OS STIG Addendum.
If the following guidance is true, this is not a finding.
___ The TSS resources are owned or DEFPROT is specified for the resource class.
___ The TSS resource access authorizations restrict access to the appropriate personnel.
V-17947
False
ZAIDT020
Refer to the following report produced by the TSS Data Collection and Data Set and Resource Data Collection:
- SENSITVE.RPT(ZAID0020)
- TSSCMDS.RPT(#RDT)
Automated Analysis
Refer to the following report produced by the Data Set and Resource Data Collection:
- PDI(ZAID0020)
Note: The Abend-AID resource class is identified in the Enterprise Common Components (ECC) STC procedure, CWPARM DD statement, member name AAVW00, using the parameter setting EXTERNAL_SECURITY_RESOURCE_CLASS.
Verify that the accesses to resources and/or generic equivalent are properly restricted according to the requirements specified in Compuware Abend-AID Resources table in the z/OS STIG Addendum.
If the following guidance is true, this is not a finding.
___ The TSS resources are owned or DEFPROT is specified for the resource class.
___ The TSS resource access authorizations restrict access to the appropriate personnel.
M
Systems Programmer
2344