An error occurred:

IBM z/OS RACF STIG Version Comparison

IBM z/OS RACF Security Technical Implementation Guide

Comparison

There are 3 differences between versions v8 r12 (July 26, 2023) (the "left" version) and v8 r14 (April 24, 2024) (the "right" version).

Check RACF-ES-000540 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Text Differences

Title

IBM z/OS must limit access for SMF collection files (i.e., SYS1.MANx) to appropriate users and/or batch jobs that perform SMF dump processing.

Check Content

Refer to the SMFPRMxx member in SYS1.PARMLIB. Determine the SMF and/or Logstream dataset name. If the following statements are true, this is not a finding. The ESM data set rules for the SMF data collection files (e.g., SYS1.MAN* or IFASMF.SYS1.*) restrict WRITE ALTER or greater access to only z/OS systems programming personnel. The ESM data set rules for the SMF data collection files (e.g., SYS1.MAN* or IFASMF.SYS1.*) restrict UPDATE or greater access to z/OS systems programming personnel, staff and/or batch jobs that perform SMF dump processing and others approved by the ISSM. The ESM data set rules for the SMF data collection files (e.g., SYS1.MAN* or IFASMF.SYS1.*) restrict READ access to auditors and others approved by the ISSM. The ESM data set rules for SMF data collection files (e.g., SYS1.MAN* or IFASMF.SYS1.*) specify that all (i.e., failures and successes) UPDATE and/or ALTER access accesses are logged.

Discussion

SMF data collection is the system activity journaling facility of the z/OS system. Unauthorized access could result in the compromise of logging and recording of the operating system environment, ESM, and customer data. Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality. Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit operating system activity. Satisfies: SRG-OS-000057-GPOS-00027, SRG-OS-000058-GPOS-00028, SRG-OS-000059-GPOS-00029, SRG-OS-000256-GPOS-00097, CCI-001494, SRG-OS-000257-GPOS-00098, SRG-OS-000258-GPOS-00099, SRG-OS-000080-GPOS-00048, SRG-OS-000206-GPOS-00084, SRG-OS-000324-GPOS-00125

Fix

Configure ALTER WRITE and above access to SMF collection files to be limited to only z/OS systems programming staff. Configure UPDATE or greater access to z/OS system programming staff /or and and/or batch jobs that perform SMF dump processing, processing. access Access can be granted to others as determined by the ISSM. Configure READ access to be limited to auditors. READ access may be granted to others as determined by the ISSM. Access to other users specified must be documented in a security plan. Ensure the accesses are being logged.