STIGQter: STIG Summary: z/OS CA 1 Tape Management for TSS STIG Version: 6 Release: 8 Benchmark Date: 25 Oct 2019:

CA-1 Tape Management STC data sets must be properly protected.

DISA Rule

SV-87415r1_rule

Vulnerability Number

V-17067

Group Title

ZB000001

Rule Version

ZCA1T001

Severity

CAT II

CCI(s)

• CCI-001499 - The organization limits privileges to change software resident within software libraries.

Weight

10

Fix Recommendation

Ensure that WRITE and/or greater access to CA1 Tape management STC data sets is limited to System Programmers and/or CA1 Tape management STC(s) and/or batch user(s) only. READ access can be given to auditors.
(Note: The data sets and/or data set prefixes identified below are examples of a possible installation. The actual data sets and/or prefixes are determined when the product is actually installed on a system through the product’s installation guide and can be site specific.)

Data sets to be protected will be:
CA1.TMS* (Data sets that are altered by the product’s STCs, this can be more specific.)

The following commands are provided as a sample for implementing data set controls:

TSS PERMIT(<syspaudt>) DSN(SYS3.CA1.TMS*.**) ACCESS(ALL)
TSS PERMIT(<Tape Management STCs and/or batch users >) DSN(SYS3.CA1.TMS*.**) ACCESS(ALL)
TSS PERMIT(<audtaudt >) DSN(SYS3.CA1.TMS*.**)

Check Contents

Refer to the following report produced by the TSS Data Collection and Data Set and Resource Data Collection:

- SENSITVE.RPT(CA1STC)


Automated Analysis
Refer to the following report produced by the Data Set and Resource Data Collection:

- PDI(ZCA10001)

Verify that the accesses to CA1 Tape Management Started Tasks (STCs) data sets are properly restricted. If the following guidance is true, this is not a finding.

___ The TSS data set access authorizations restrict READ access to auditors.

___ The TSS data set access authorizations restrict WRITE and/or greater access to systems programming personnel.

___ The TSS data set access authorizations restrict WRITE and/or greater access to CA1 Tape Management STCs and/or batch users.

Vulnerability Number

V-17067

Documentable

False

Rule Version

ZCA1T001

Severity Override Guidance

Refer to the following report produced by the TSS Data Collection and Data Set and Resource Data Collection:

- SENSITVE.RPT(CA1STC)


Automated Analysis
Refer to the following report produced by the Data Set and Resource Data Collection:

- PDI(ZCA10001)

Verify that the accesses to CA1 Tape Management Started Tasks (STCs) data sets are properly restricted. If the following guidance is true, this is not a finding.

___ The TSS data set access authorizations restrict READ access to auditors.

___ The TSS data set access authorizations restrict WRITE and/or greater access to systems programming personnel.

___ The TSS data set access authorizations restrict WRITE and/or greater access to CA1 Tape Management STCs and/or batch users.

Check Content Reference

M

Responsibility

Systems Programmer

Target Key

2189

Comments