Check: ACF0375
zOS ACF2 STIG:
ACF0375
(in versions v6 r43 through v6 r37)
Title
The OPTS GSO record value must be set to the values specified. (Cat II impact)
Discussion
The system-wide options control the default settings for determining how the ACP will function when handling requests for access to the operating system environment, ACP, and customer data. The ACP provides the ability to set a number of these fields at the subsystem level. If no setting is found, the system-wide defaults will be used. The improper setting of any one of these fields, individually or in combination with another, can compromise the security of the processing environment. In addition, failure to establish standardized settings for the ACP control options introduces the possibility of exposure during a migration process or contingency plan activation.
Check Content
Refer to the following report produced by the ACF2 Data Collection:
- ACF2CMDS.RPT(ACFGSO)

Automated Analysis requires Additional Analysis.
Refer to the following report produced by the ACF2 Data Collection:
- PDI(ACF0375)

If the GSO OPTS record values conform to the following requirements, this is not a finding.

BLPLOG
NOCMDREC
CONSOLE(NOROLL)
CPUTIME(LOCAL)
DATE(MDY)
NODDB
DFTLID()
DFTSTC()
INFOLIST(none | AUDIT | SECURITY | SECURITY, AUDIT)
JOBCHK
MAXVIO(10)
NOTIFY
RPTSCOPE
SHRDASD
STAMPSMF
STC
TAPEDSN
TEMPDSN
NOUADS
NOVTAMOPEN
Fix Text
Ensure that the GSO OPTS value is set to valid options. This will also include the GSO OPTS MODE setting from ACF0370.

Define the global options available to the system.

BLPLOG
NOCMDREC
CONSOLE(NOROLL)
CPUTIME(LOCAL)
DATE(MDY)
NODDB
DFTLID()
DFTSTC()
INFOLIST(none | AUDIT | SECURITY | SECURITY, AUDIT)
JOBCHK
MAXVIO(10)
NOTIFY
RPTSCOPE
SHRDASD
STAMPSMF
STC
TAPEDSN
TEMPDSN
NOUADS
NOVTAMOPEN

Example:

SET C(GSO)
INSERT OPTS BLPLOG NOCMDREC CONSOLE(NOROLL) CPUTIME(LOCAL) DATE(MDY) NODDB DFTLID() DFTSTC() INFOLIST(SECURITY, AUDIT) JOBCHK MAXVIO(10) MODE(ABORT) NOTIFY RPTSCOPE SHRDASD STAMPSMF STC TAPEDSN TEMPDSN NOUADS NOVTAMOPEN

F ACF2,REFRESH(OPTS)
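The comparison described under Check Content, as an added example that is not part of the STIG or of the ACF2 Data Collection: it parses an option string written in the same form as the INSERT OPTS command above and lists every option that deviates from the required values. Reading "none" as an empty INFOLIST() and reporting absent options as "not present" are assumptions of this example; the layout of the ACFGSO report is not assumed.

```python
import re

# Required settings, copied from the option list on this page.
ON = "BLPLOG JOBCHK NOTIFY RPTSCOPE SHRDASD STAMPSMF STC TAPEDSN TEMPDSN".split()
OFF = "CMDREC DDB UADS VTAMOPEN".split()  # required in their NO form
REQUIRED_FLAGS = {**dict.fromkeys(ON, True), **dict.fromkeys(OFF, False)}
REQUIRED_VALUES = {
    "CONSOLE": {"NOROLL"}, "CPUTIME": {"LOCAL"}, "DATE": {"MDY"},
    "DFTLID": {""}, "DFTSTC": {""}, "MAXVIO": {"10"},
    # Assumption: "none" in the page's INFOLIST list means an empty INFOLIST().
    "INFOLIST": {"", "AUDIT", "SECURITY", "SECURITY,AUDIT"}}
TOKEN = re.compile(r"([A-Z0-9]+)(?:\(([^)]*)\))?")

def parse_opts(text):
    """Return (flags, values) found in an OPTS option string."""
    flags, values = {}, {}
    for m in TOKEN.finditer(text.upper()):
        name, arg = m.group(1), m.group(2)
        if arg is not None:                      # KEYWORD(value) form
            values[name] = "".join(arg.split())  # drop blanks: "A, B" -> "A,B"
        elif name in REQUIRED_FLAGS:             # plain flag, e.g. NOTIFY
            flags[name] = True
        elif name.startswith("NO") and name[2:] in REQUIRED_FLAGS:
            flags[name[2:]] = False              # NO form, e.g. NOUADS
    return flags, values

def check_opts(text):
    """List deviations from the required OPTS values; empty list = not a finding."""
    flags, values = parse_opts(text)
    findings = []
    for name, want in REQUIRED_FLAGS.items():
        got = flags.get(name)
        if got is not want:
            label = name if want else "NO" + name
            findings.append(f"{label}: " + ("not present" if got is None else "opposite value set"))
    for name, allowed in REQUIRED_VALUES.items():
        if name not in values:
            findings.append(f"{name}: not present")
        elif values[name] not in allowed:
            findings.append(f"{name}({values[name]}): not an allowed value")
    return findings

# Option string from the page's Fix Text example (MODE belongs to ACF0370 and is ignored).
PAGE_EXAMPLE = ("BLPLOG NOCMDREC CONSOLE(NOROLL) CPUTIME(LOCAL) DATE(MDY) NODDB DFTLID() "
                "DFTSTC() INFOLIST(SECURITY, AUDIT) JOBCHK MAXVIO(10) MODE(ABORT) NOTIFY "
                "RPTSCOPE SHRDASD STAMPSMF STC TAPEDSN TEMPDSN NOUADS NOVTAMOPEN")
# Constructed deviating record, for illustration only.
CONSTRUCTED_BAD = (PAGE_EXAMPLE.replace("MAXVIO(10)", "MAXVIO(25)")
                   .replace("NOUADS", "UADS").replace("STAMPSMF ", ""))
```

`check_opts(PAGE_EXAMPLE)` returns an empty list; `check_opts(CONSTRUCTED_BAD)` returns one entry per deviating option.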
Additional Identifiers
Rule ID: SV-48660r5_rule
Vulnerability ID: V-36899
Group Title: ACF0375
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
CCI-001762 | The organization disables organization-defined functions, ports, protocols, and services within the information system deemed to be unnecessary and/or nonsecure. |
CCI-001764 | The information system prevents program execution in accordance with organization-defined policies regarding software program usage and restrictions, and/or rules authorizing the terms and conditions of software program usage. |