Title

LOGONIDs must not be defined to SYS1.UADS for non-emergency use. (Cat I impact)

Discussion

SYS1.UADS is a dataset where LOGONIDs will be maintained with applicable password information when the ACP is not functional. If an unauthorized user has access to SYS1.UADS, they could enter their LOGONID and password into the SYS1.UADS dataset and could give themselves all special attributes on the system. This could enable the user to bypass all security and alter data. They could modify the audit trail information so no trace of their activity could be found.

Check Content

a) Refer to the following report produced by the z/OS Data Collection: - EXAM.RPT(TSOUADS) Please provide a list of all emergency userids available to the site along with the associated function of each. b) If SYS1.UADS userids are limited and reserved for emergency purposes only, there is NO FINDING. c) If any SYS1.UADS userids are assigned for other than emergency purposes, this is a FINDING.

Fix Text

The system programmer and IAO will examine the SYS1.UADS entries to ensure LOGONIDs defined include only those users required to support specific functions related to system recovery. Evaluate the impact of accomplishing the change.

Additional Identifiers

Rule ID: SV-184r3_rule

Vulnerability ID: V-184

Group Title: ZTSO0020

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.