Check: ACP00220
zOS ACF2 STIG: ACP00220 (in versions v6 r43 through v6 r30)
Title
Access to SYS(x).TRACE is not limited to system programmers only. (Cat II impact)
Discussion
SYS1.TRACE is used to trace and debug system problems. Unauthorized access could result in a compromise of the integrity and availability of all system data and processes.
Check Content
a) Refer to the following report produced by the Data Set and Resource Data Collection:

- SENSITVE.RPT(TRACERPT)

Automated Analysis

Refer to the following report produced by the Data Set and Resource Data Collection:

- PDI(ACP00220)

___ The ACP data set rule for SYS1.TRACE allows inappropriate access.

___ The ACP data set rule for SYS1.TRACE does not restrict access to systems programming personnel and started tasks that perform GTF processing.

b) If both of the above are untrue, there is NO FINDING.

c) If either of the above is true, this is a FINDING.
Fix Text
The IAO will ensure that access to SYS1.TRACE is limited to system programmers only.
Additional Identifiers
Rule ID: SV-127r2_rule
Vulnerability ID: V-127
Group Title: ACP00220
CCIs
Number | Definition |
---|---|
CCI-000213 | The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies. |
Controls
Number | Title |
---|---|
AC-3 | Access Enforcement |