Check: ACF2-OS-000230
IBM z/OS ACF2 STIG:
ACF2-OS-000230
(in versions v9 r2 through v7 r1)
Title
IBM z/OS DFSMS control data sets must reside on separate storage volumes. (Cat II impact)
Discussion
Configuration settings are the set of parameters that can be changed in hardware, software, or firmware components of the system that affect the security posture and/or functionality of the system. Security-related parameters are those parameters impacting the security state of the system, including the parameters required to satisfy other security control requirements. Security-related parameters include, for example: registry settings; account, file, directory permission settings; and settings for functions, ports, protocols, services, and remote connections.
Check Content
Review the logical parmlib data sets, example: SYS1.PARMLIB(IGDSMSxx), to identify the fully qualified file names for the following SMS data sets: Active Control Data Set (ACDS) Communications Data Set (COMMDS) If the COMMDS and ACDS SMS data sets identified above reside on different volumes, this is not a finding. If the COMMDS and ACDS SMS data sets identified above are collocated on the same volume, this is a finding.
Fix Text
Allocate the primary and backup SMS Control data sets on separate volumes. Source Control Data Set (SCDS) contains a SMS configuration, which defines a storage management policy. Active Control Data Set (ACDS) contains a copy of the most recently activated configuration. All systems in a SMS complex use this configuration to manage storage. Communications Data Set (COMMDS) contains the name of the ACDS containing the currently active storage management policy, the current utilization statistics for each system managed volume, and other system information. The ACDS data set will reside on a different volume than the COMMDS data set. Allocate backup copies of the ADCS and COMMDS data sets on a different shared volume from the primary ACDS and COMMDS data sets.
Additional Identifiers
Rule ID: SV-223559r991589_rule
Vulnerability ID: V-223559
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
Implement the security configuration settings. |
CCI-000549 |
Maintain a redundant secondary system that is not collocated with the primary system. |