Title

The INFODIR record does not include entries for the FACILITY, SURROGAT, and UNIXPRIV resource classes in accordance with security requirements. (Cat II impact)

Discussion

Parameter settings in the ACP impact the security level of z/OS UNIX.

Check Content

a) Refer to the following report produced by the ACF2 Data Collection: - ACF2CMDS.RPT(ACFGSO) Automated Analysis Refer to the following report produced by the z/OS Data Collection: - PDI(ZUSSA070) b) If the INFODIR record includes entries for the FACILITY, SURROGAT, and UNIXPRIV resource classes, there is NO FINDING. NOTE: The TYPES should be R-RFAC, R-RSUR, and R-RUNI. The use of the “R-” prefix that indicates the rules are resident is recommended, not required. c) If (b) is untrue, this is a FINDING.

Fix Text

The IAO will ensure that the INFODIR record includes entries for the FACILITY, SURROGAT, and UNIXPRIV resource classes. Ensure the INFODIR record includes entries for the FACILITY, SURROGAT, and UNIXPRIV resource classes, there is NO FINDING. NOTE: The TYPES should be R-RFAC, R-RSUR, and R-RUNI. The use of the “R-” prefix that indicates the rules are resident is recommended, not required. Example: SET C(GSO) LIST INFODIR TYPES(R-PCMF R-PGRP R-PUSR R-RAPL R-RCAC R-RCAT R-RCLS R-RCMF R-RDLF R-RDSD R-RFAC R-RIOA R-RKT4 R-RMGM R-RMQA R-ROCS R-ROMS R-ROPR R-ROSM R-ROVS R-RPGM R-RPKC R-RRSY R-RSAF R-RSDS R-RSER R-RSPL R-RSTR R-RSUR R-RTAC R-RTGR R-RTKC R-RTPE R-RTPR R-RUNI R-RWTR)

Additional Identifiers

Rule ID: SV-7299r2_rule

Vulnerability ID: V-6996

Group Title: ZUSSA070

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.