SV-50924r2_rule
V-17947
ZB000020
ZNETA020
CAT II
10
The IAO will work with the systems programmer to verify that the following are properly specified in the ACP.
(Note: The resource type, resources, and/or resource prefixes identified below are examples of a possible installation. The actual resource type, resources, and/or resource prefixes are determined when the product is actually installed on a system through the product’s installation guide and can be site specific.)
When SECOPTS.OPERSEC=SAFPW is specified in ZNET0040, this is not applicable. This can be bypassed.
Ensure that all NetView resources and/or generic equivalents are properly protected according to the requirements specified in the NetView Resources table in the z/OS STIG Addendum. Additional details can be obtained in the IBM Tivoli NetView for z/OS Security Reference.
Use the NetView Resources table in the z/OS STIG Addendum. This table lists the resources and access requirements for NetView, ensure the following guidelines are followed:
The ACF2 resources are defined with a default access of PREVENT.
The ACF2 resource access authorizations restrict access to the appropriate personnel.
The following commands are provided as a sample for implementing resource controls:
$KEY(netid) TYPE(typecode)
luname.ADDCMD.- UID(syspaudt) ALLOW
- UID(*) PREVENT
Refer to the following report produced by the ACF2 Data Collection and Data Set and Resource Data Collection:
- SENSITVE.RPT(ZNET0020)
- ACF2CMDS.RPT(RESOURCE) – Alternate report
Automated Analysis
Refer to the following report produced by the Data Set and Resource Data Collection:
- PDI(ZNET0020)
When SECOPTS.OPERSEC=SAFPW is specified in ZNET0040, this is not applicable.
Ensure that all NetView resources and/or generic equivalents are properly protected according to the requirements specified in the NetView Resources table in the z/OS STIG Addendum. If the following guidance is true, this is not a finding.
___ The ACF2 resources are defined with a default access of PREVENT.
___ The ACF2 resource access authorizations restrict access to the appropriate personnel.
V-17947
False
ZNETA020
Refer to the following report produced by the ACF2 Data Collection and Data Set and Resource Data Collection:
- SENSITVE.RPT(ZNET0020)
- ACF2CMDS.RPT(RESOURCE) – Alternate report
Automated Analysis
Refer to the following report produced by the Data Set and Resource Data Collection:
- PDI(ZNET0020)
When SECOPTS.OPERSEC=SAFPW is specified in ZNET0040, this is not applicable.
Ensure that all NetView resources and/or generic equivalents are properly protected according to the requirements specified in the NetView Resources table in the z/OS STIG Addendum. If the following guidance is true, this is not a finding.
___ The ACF2 resources are defined with a default access of PREVENT.
___ The ACF2 resource access authorizations restrict access to the appropriate personnel.
M
Systems Programmer
1859