An error occurred:

Check: ZJES0051

zOS ACF2 STIG: ZJES0051 (in versions v6 r43 through v6 r30)

Title

JES2.** resource is not protected in accordance with security requirements. (Cat II impact)

Discussion

JES2 system commands are used to control JES2 resources and the operating system environment. Failure to properly control access to JES2 system commands could result in unauthorized personnel issuing sensitive JES2 commands. This exposure may threaten the integrity and availability of the operating system environment, and compromise the confidentiality of customer data.

Check Content

a) Refer to the following reports produced by the ACF2 Data Collection and Data Set and Resource Data Collection: - SENSITVE.RPT(OPERCMDS) - ACF2CMDS.RPT(RESOURCE) – Alternate report - ACF2CMDS.RPT(ACFGSO) NOTE: Review the ACFGSO report. If CLASMAP defines OPERCMDS as anything other than TYPE(OPR), replace OPR below with the appropriate three letters. Refer to the following report produced by the z/OS Data Collection: - EXAM.RPT(SUBSYS) Automated Analysis Refer to the following report produced by the Data Set and Resource Data Collection: - PDI(ZJES0051) b) Review resource rules for TYPE(OPR). c) If the JES2.- resource is defined to the OPERCMDS class, there is NO FINDING. NOTE: JES2 is typically the name of the JES2 subsystem. Refer to the SUBSYS report and locate the entry with the description of PRIMARY JOB ENTRY SUBSYSTEM. The SUBSYSTEM NAME of this entry is the name of the JES2 subsystem. d) If the JES2.- resource is NOT defined to the OPERCMDS class, this is a FINDING.

Fix Text

The IAO will ensure that the JES2.* resource is defined to the OPERCMDS class with a default of no access and all access is logged. If CLASMAP defines OPERCMDS as anything other than TYPE(OPR), replace OPR below with the appropriate three letters. Review resource rules for TYPE(OPR). Ensure the JES2.- resource is defined to the OPERCMDS class. Example: SHOW CLASMAP $KEY(JES2) TYPE(OPR) - UID(*) PREVENT

Additional Identifiers

Rule ID: SV-7228r2_rule

Vulnerability ID: V-6927

Group Title: ZJES0051

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000213

The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-3

Access Enforcement