Title

There are LOGONIDs associated with started tasks that have the MUSASS attribute and the requirement to submit jobs on behalf of its users but do not have the JOBFROM attribute as required. (Cat II impact)

Discussion

Individual accountability will be lost when submitting a job.

Check Content

a) Refer to the following reports produced by the ACF2 Data Collection: - ACF2CMDS.RPT(ATTMUASS) - ACF2CMDS.RPT(ATTSTC) Automated Analysis Refer to the following report produced by the ACF2 Data Collection Checklist: - PDI(ACF0620) b) Identify all started task logonids that have the MUSASS attribute and the requirement to submit jobs on behalf of its users. c) If every started task logonid that has the MUSASS attribute and the requirement to submit jobs on behalf of its users also has the JOBFROM attribute, there is NO FINDING. d) If any started task logonid that has the MUSASS attribute and the requirement to submit jobs on behalf of its users does not have the JOBFROM attribute, this is a FINDING.

Fix Text

The IAO will ensure that if the Multi User Single Address Space System (MUSASS) has the requirement to submit jobs on behalf of its users, the STC logonid has the JOBFROM attribute specified. If the Multi User Single Address Space System (MUSASS) has the requirement to submit jobs on behalf of its users, the STC logonid will also have the following attribute: JOBFROM Example: SET LID CHANGE logonid STC JOBFROM

Additional Identifiers

Rule ID: SV-163r2_rule

Vulnerability ID: V-163

Group Title: ACF0620

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.